The DNSKEY resource record stores public keys for the DNSSEC authentication process. The DNSKEY records are generated automatically when the corresponding authoritative zone is signed. The DNSKEY resource record object is read-only.
The DNSKEY resource record is defined in RFC 4034.
References to record:dnskey are object references. The name part of a DNS DNSKEY object reference has the following components:
- The name of the record.
- The name of the view.
Example: record:dnskey/ZG5zLmJpsaG9zdA:us.example.com/default.external
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): name, view.
The public key encryption algorithm of a DNSKEY Record object.
Type
String.
Search
The field is available for search via
Notes
The algorithm cannot be updated.
algorithm cannot be written.
The comment for the record.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The comment cannot be updated.
comment cannot be written.
The creation time of the record.
Type
Timestamp.
Search
The field is not available for search.
Notes
The creation_time cannot be updated.
creation_time cannot be written.
The record creator.
Type
String.
Search
The field is available for search via
Notes
The creator cannot be updated.
creator cannot be written.
Name of a DNSKEY record in punycode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The dns_name cannot be updated.
dns_name cannot be written.
The flags field is a 16-bit unsigned integer. Currently, only two bits of this value are used: the least significant bit and bit 7. The other bits are reserved for future use and must be zero. If bit 7 is set to 1, the key is a DNS zone key. Otherwise, the key is not a zone key and cannot be used to verify zone data. The least significant bit indicates the “secure entry point” property: if it is not zero, the key is a key signing key (KSK); otherwise, the key is a zone signing key (ZSK).
Type
Integer.
Search
The field is available for search via
Notes
The flags cannot be updated.
flags cannot be written.
The key tag identifying the public key of a DNSKEY Record object.
Type
Unsigned integer.
Search
The field is available for search via
Notes
The key_tag cannot be updated.
key_tag cannot be written.
The time of the last DNS query in Epoch seconds format.
Type
Timestamp.
Search
The field is not available for search.
Notes
The last_queried cannot be updated.
last_queried cannot be written.
The name of the DNSKEY record in FQDN format. It must be the same as the name of the zone in which the record resides.
Type
String.
Search
The field is available for search via
Notes
The name is part of the base object.
The name cannot be updated.
name cannot be written.
The public key. The format of the returned value depends on the key algorithm.
Type
String.
Search
The field is available for search via
Notes
The public_key cannot be updated.
public_key cannot be written.
The Time To Live (TTL) value for the record. A 32-bit unsigned integer that represents the duration, in seconds, for which the record is valid (cached). Zero indicates that the record should not be cached.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
ttl is associated with the field use_ttl (see use flag).
The ttl cannot be updated.
ttl cannot be written.
Use flag for: ttl
Type
Bool.
Search
The field is not available for search.
Notes
The use_ttl cannot be updated.
use_ttl cannot be written.
The name of the DNS View in which the record resides. Example: “external”.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The view is part of the base object.
The view cannot be updated.
view cannot be written.
The name of the zone in which the record resides. Example: “zone.com”. If a view is not specified when searching by zone, the default view is used.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The zone cannot be updated.
zone cannot be written.
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
algorithm | String | N | Y | N | = |
comment | String | N | Y | N | : = ~ |
creation_time | Timestamp | N | Y | N | N/A |
creator | String | N | Y | N | = |
dns_name | String | N | Y | N | N/A |
flags | Integer | N | Y | N | = |
key_tag | Unsigned int | N | Y | N | < = > |
last_queried | Timestamp | N | Y | N | N/A |
name | String | N | Y | Y | : = ~ |
public_key | String | N | Y | N | = ~ |
ttl | Unsigned int | N | Y | N | N/A |
use_ttl | Bool | N | Y | N | N/A |
view | String | N | Y | Y | = |
zone | String | N | Y | N | = |
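The flags and key_tag fields described above can be cross-checked on records read from the API. The following Python is an added example, not part of the product documentation: it decodes flags as the field description states ("bit 7" in RFC 4034 numbering counts from the most significant bit, so the zone key bit has value 0x0100) and recomputes the key tag with the RFC 4034 Appendix B algorithm. Assumptions: algorithm is the numeric algorithm code, public_key is base64 key material, and the sample records are constructed.

```python
import base64
import struct

ZONE_KEY = 0x0100  # "bit 7" in RFC 4034 numbering, where bit 0 is the most significant
SEP = 0x0001       # least significant bit (secure entry point)
PROTOCOL = 3       # RFC 4034: the DNSKEY protocol field is always 3


def decode_flags(flags):
    """Classify a DNSKEY flags value the way the flags field description does."""
    if not 0 <= flags <= 0xFFFF:
        raise ValueError("flags must fit in 16 bits")
    zone_key = bool(flags & ZONE_KEY)
    if not zone_key:
        role = "not a zone key"
    else:
        role = "KSK" if flags & SEP else "ZSK"
    return {"zone_key": zone_key, "role": role,
            "other_bits": flags & ~(ZONE_KEY | SEP) & 0xFFFF}


def key_tag(flags, algorithm, key_bytes):
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, PROTOCOL, algorithm) + key_bytes
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def audit(record):
    """Return a list of findings for one record dict (empty list means consistent)."""
    findings = []
    info = decode_flags(record["flags"])
    if not info["zone_key"]:
        findings.append("zone key bit clear: key cannot verify zone data")
    if info["other_bits"]:
        findings.append("bits outside zone key/SEP set: 0x%04x" % info["other_bits"])
    # Assumption: public_key is base64 and algorithm is the numeric algorithm code.
    key_bytes = base64.b64decode(record["public_key"], validate=True)
    tag = key_tag(record["flags"], int(record["algorithm"]), key_bytes)
    if tag != record["key_tag"]:
        findings.append("key_tag %d does not match computed %d" % (record["key_tag"], tag))
    return findings


# Constructed sample records (toy 4-byte key, not a real DNSKEY).
GOOD = {"flags": 257, "algorithm": "8", "public_key": "AQIDBA==", "key_tag": 2063}
BAD = {"flags": 1, "algorithm": "8", "public_key": "AQIDBA==", "key_tag": 2063}

if __name__ == "__main__":
    print(decode_flags(257), audit(GOOD), audit(BAD))
```

A flags value of 256 decodes as a ZSK and 257 as a KSK; a key_tag mismatch means the stored tag does not belong to the stored key material.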