Set-DnsServerDnsSecZoneSetting
Set-DnsServerDnsSecZoneSetting
Changes settings for DNSSEC for a zone.
Syntax
Parameter Set: Set1
Set-DnsServerDnsSecZoneSetting [-ZoneName] <String> [[-DenialOfExistence] <String> ] [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-DistributeTrustAnchor <String[]> ] [-DnsKeyRecordSetTtl <TimeSpan> ] [-DSRecordGenerationAlgorithm <String[]> ] [-DSRecordSetTtl <TimeSpan> ] [-EnableRfc5011KeyRollover <Boolean> ] [-NSec3HashAlgorithm <String> ] [-NSec3Iterations <UInt16> ] [-NSec3OptOut <Boolean> ] [-NSec3RandomSaltLength <Byte> ] [-NSec3UserSalt <String> ] [-ParentHasSecureDelegation <Boolean> ] [-PassThru] [-PropagationTime <TimeSpan> ] [-SecureDelegationPollingPeriod <TimeSpan> ] [-SignatureInceptionOffset <TimeSpan> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-DnsServerDnsSecZoneSetting cmdlet changes Domain Name System Security Extensions (DNSSEC) settings for the specified zone on a Domain Name System (DNS) server.
You can select which version of Next Secure (NSEC) to use to provide authenticated denial of existence. Set the DenialOfExistence parameter to NSec or NSec3. If you use NSec3, you can use either random salt or user-defined salt.
Parameters
-AsJob
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-CimSession<CimSession[]>
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ComputerName<String>
Specifies a DNS server. If you do not specify this parameter, the command runs on the local system. You can specify an IP address or any value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-DenialOfExistence<String>
Specifies which version of NSEC to use. A DNS server uses this setting to provide signed proof of an unregistered name.
The acceptable values for this parameter are:
-- NSec
-- NSec3
Aliases |
none |
Required? |
false |
Position? |
3 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DistributeTrustAnchor<String[]>
Specifies an array of trust anchors that a DNS server distributes in Active Directory® Domain Services. DNS servers do not distribute trust anchors by default. If the DNS server is not also a domain controller, it adds trust anchors only to the local trust anchor store.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DnsKeyRecordSetTtl<TimeSpan>
Specifies a time-span object that represents the Time to Live (TTL) value of a DNS key record.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DSRecordGenerationAlgorithm<String[]>
Specifies an array of cryptographic algorithms for domain service records. The acceptable values for this parameter are:
-- Sha1
-- Sha256
-- Sha384
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DSRecordSetTtl<TimeSpan>
Specifies a TTL time span for the set of domain service records. The default value is the same as the TTL for the zone.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EnableRfc5011KeyRollover<Boolean>
Specifies whether a server uses RFC 5011 key rollover.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NSec3HashAlgorithm<String>
Specifies an NSEC3 hash algorithm. The only possible value is RsaSha1.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NSec3Iterations<UInt16>
Specifies a number of NSEC3 hash iterations to perform when it signs a DNS zone. The default value is 50.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NSec3OptOut<Boolean>
Specifies whether to sign the DNS zone by using NSEC opt-out. The default value is $False.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NSec3RandomSaltLength<Byte>
Specifies the length of a salt value. The default length is 8.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-NSec3UserSalt<String>
Specifies a user salt string. The default value is Null or -.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ParentHasSecureDelegation<Boolean>
Specifies whether a parent has secure delegation for a zone. The default value is $False.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-PropagationTime<TimeSpan>
Specifies a propagation time as a time-span object. This is the expected time required to propagate zone changes.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SecureDelegationPollingPeriod<TimeSpan>
Specifies a delegation polling period as a time-span object. This is the time between polling attempts for key rollovers for child zones. The default value is 12 hours.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-SignatureInceptionOffset<TimeSpan>
Specifies the signature inception as a time-span object. This value is how far in the past DNSSEC signature validity periods begin. The default value is one hour.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ThrottleLimit<Int32>
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ZoneName<String>
Specifies the name of a DNS zone.
Aliases |
none |
Required? |
true |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
- Microsoft.Management.Infrastructure.CimInstance#DnsServerDnsSecZoneSetting
Examples
Example 1: Modify RFC 5011 settings
This command modifies RFC 5011 settings for a zone named west01.contoso.com. The example uses the PassThru parameter to produce output and the Verbose parameter to include all output.
PS C:\> Set-DnsServerDnsSecZoneSetting -ZoneName "west01.contoso.com" -EnableRfc5011KeyRollover $true -PassThru -Verbose