Add-DnsServerSigningKey
Add-DnsServerSigningKey is accessible with the help of DnsServer module. To configure DnsServer, go through this link.
Synopsis
Adds a KSK or ZSK to a signed zone.
Description
The Add-DnsServerSigningKey cmdlet adds a Key Signing Key (KSK) or Zone Signing Key (ZSK) key to a Domain Name System (DNS) signed zone.
Parameters
-ActiveKey
Specifies a signing key pointer string for the KSK’s active key.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AsJob
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job
cmdlets. To get the job results, use the Receive-Job cmdlet.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CimSession
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Type: | CimSession[] |
Aliases: | Session |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ComputerName
Specifies a remote DNS server. You can specify an IP address or any value that resolves to an IP address, such as a fully qualified domain name (FQDN), host name, or NETBIOS name.
Type: | String |
Aliases: | Cn |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CryptoAlgorithm
Specifies a cryptographic algorithm to use for key generation. The acceptable values for this parameter are:
- RsaSha1
- RsaSha256
- RsaSha512
- RsaSha1NSec3
- ECDsaP256Sha256
- ECDsaP384Sha384
Type: | String |
Accepted values: | RsaSha1, RsaSha256, RsaSha512, RsaSha1NSec3, ECDsaP256Sha256, ECDsaP384Sha384 |
Position: | 3 |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DnsKeySignatureValidityPeriod
Specifies the amount of time that signatures that cover DNSKEY record sets are valid.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-DSSignatureValidityPeriod
Specifies the amount of time that signatures that cover DS record sets are valid.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InitialRolloverOffset
Specifies the amount of time to delay the first scheduled key rollover. You can use InitialRolloverOffset to stagger key rollovers.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyLength
Specifies the bit length of a key.
Type: | UInt32 |
Position: | 4 |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-KeyStorageProvider
Specifies the Key Storage Provider that the DNS server uses to generate keys.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-NextKey
Specifies a signing key pointer string for the next key. The DNS server uses this key during the next key rollover event.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RolloverPeriod
Specifies the amount of time between scheduled key rollovers.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-StandbyKey
Specifies a signing key pointer string for the KSK’s standby key.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StoreKeysInAD
Specifies whether to store the keys in Active Directory Domain Services (AD DS). This setting applies only to Active Directory-integrated zones when the vendor of KeyStorageProvider is Microsoft.
Type: | Boolean |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ThrottleLimit
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0
is entered, then Windows PowerShell calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Type: | Int32 |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Type
Specifies whether a key is a KSK or a ZSK.
Type: | String |
Aliases: | KeyType |
Accepted values: | KeySigningKey, ZoneSigningKey |
Position: | 2 |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ZoneName
Specifies the name of the zone in which DNS Security Extensions (DNSSEC) operations are performed.
Type: | String |
Position: | 1 |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ZoneSignatureValidityPeriod
Specifies the amount of time that signatures that cover all other record sets are valid.
Type: | TimeSpan |
Position: | Named |
Default value: | None |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Syntax
Add-DnsServerSigningKey [-ZoneName] <String> [[-Type] <String>] [[-CryptoAlgorithm] <String>] [-ComputerName <String>] [[-KeyLength] <UInt32>] [-InitialRolloverOffset <TimeSpan>] [-DnsKeySignatureValidityPeriod <TimeSpan>] [-DSSignatureValidityPeriod <TimeSpan>] [-ZoneSignatureValidityPeriod <TimeSpan>] [-RolloverPeriod <TimeSpan>] [-ActiveKey <String>] [-StandbyKey <String>] [-NextKey <String>] [-KeyStorageProvider <String>] [-StoreKeysInAD <Boolean>] [-PassThru] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm] [<CommonParameters>]
—————EXAMPLE 1—————
Add a KSK to a DNS zone
PS C:> Add-DnsServerSigningKey -ZoneName “delhi.TOSSolution.com” -Type “KeySigningKey” -CryptoAlgorithm “RsaSha1NSec3” –KeyLength 2048 -PassThru -Verbose
This command adds a KSK to the DNS signed-zone delhi.TOSSolution.com.
You can check the Version, CommandType and Source of this cmdlet by giving below command.
Get-Command Add-DnsServerSigningKey
You can also read about
- Disable-DnsServerSigningKeyRollover
- Enable-DnsServerSigningKeyRollover
- Get-DnsServerSigningKey
- Invoke-DnsServerSigningKeyRollover
- Remove-DnsServerSigningKey
- Set-DnsServerSigningKey
To know more PowerShell cmdlets(Commands) on DnsServer click here