GlobalLB::DNSSECZone¶
Introduced : BIG-IP_v10.1.0
The DNSSECZone interface manages the zones in which securing DNS
information, i.e., DNSSEC, is active. When a zone is active, its DNS
record groups are digitally signed, the DNS record names are hashed,
and keys sent to upstream DNS servers are digitally signed. A DNSSEC
zone can contain any number of DNSSEC keys, and a single DNSSEC key
can be used in more than one DNSSEC zone. Note that a large number of
DNSSEC keys in a single DNSSEC zone can affect the responsiveness to
DNS requests. Note that the term “zone” in this interface is not
necessarily “zone” in a DNS sense. See the DNSSECKey interface for
managing the keys themselves.
Methods¶
| Method | Description | Introduced |
| add_key | Adds DNSSEC keys to a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| create | Creates a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| delete_all_zones | Deletes all DNSSEC zones. | BIG-IP_v10.1.0 |
| delete_zone | Deletes a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| get_all_statistics | Gets the statistics for all DNSSEC zones. | BIG-IP_v11.5.0 |
| get_authenticated_data_state | Gets the state of Authenticated Data (AD) flags for a set of DNSSEC zones. | BIG-IP_v12.1.0 |
| get_description | Gets the descriptions for a set of DNSSEC zones. | BIG-IP_v11.0.0 |
| get_ds_algorithm | Gets the DS hash algorithm used for a set of DNSSEC zones. | BIG-IP_v11.4.0 |
| get_enabled_state | Gets the enabled state for a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| get_key | Gets the DNSSEC keys for a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| get_list | Gets the names of all DNSSEC zones. | BIG-IP_v10.1.0 |
| get_nsec3_iteration_count | Gets the number of times to hash NSEC3 names for a set of DNSSEC zones. | BIG-IP_v11.5.0 |
| get_object_status | Gets the status of a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| get_secure_entry_point | Gets the Secure Entry Points (DS and DNSKEY Resource Records) for a set of DNSSEC Zones. | BIG-IP_v11.4.0 |
| get_statistics | Gets the statistics for a list of DNSSEC zones. | BIG-IP_v11.5.0 |
| get_transfer_external_serial | Gets the zone transfer SOA serial number advertised to all clients for a set of DNSSEC zones. | BIG-IP_v11.5.0 |
| get_transfer_master_serial | Gets the zone transfer SOA serial number of master server for a set of DNSSEC zones. | BIG-IP_v11.5.0 |
| get_version | Get the version information for this interface. | BIG-IP_v10.1.0 |
| remove_all_keys | Removes all DNSSEC keys from a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| remove_key | Removes DNSSEC keys from a set of DNSSEC zones. | BIG-IP_v10.1.0 |
| reset_statistics | Resets the query statistics for a list of DNSSEC zones. | BIG-IP_v11.5.0 |
| set_authenticated_data_state | Sets the state of Authenticated Data (AD) flags for a set of DNSSEC zones. This state directly determines the value of the AD flag in DNSSEC zone responses when the Authoritative Answer bit is TRUE. Note that individual AD flag states can also be enabled and disabled per zone. | BIG-IP_v12.1.0 |
| set_description | Sets the description for a set of DNSSEC zones. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.0.0 |
| set_ds_algorithm | Sets the DS Algorithm for a set of DNSSEC zones. | BIG-IP_v11.4.0 |
| set_enabled_state | Sets the enabled state for a set of DNSSEC zones. Note that individual keys can also be enabled and disabled. See the DNSSECKey interface for details. | BIG-IP_v10.1.0 |
| set_nsec3_iteration_count | Sets the number of times to hash NSEC3 names for a set of DNSSEC zones. | BIG-IP_v11.5.0 |
Structures¶
Structure
Description
A struct that describes statistics for a specified DNSSEC zone.
A struct that describes DNSSEC zone statistics and timestamp.
A struct that describes a Secure Entry Point of a DNSSEC Zone.
Enumerations¶
| Enumeration | Description |
| HashAlgorithm | Hash algorithm used for creating digests of records. |
| TSIGAlgorithm | A list of DNSSEC TSIG Key algorithm types. |
Aliases¶
| Alias | Type | Description |
| DNSSECStatisticEntrySequence | DNSSECStatisticEntry [] | A sequence of DNSSEC zone statistics. |
| HashAlgorithmSequence | HashAlgorithm [] | Sequence of hash types. |
| SecureEntryPointSequence | SecureEntryPoint [] | A sequence of DNSSEC Zone Secure Entry Points. |
| SecureEntryPointSequenceSequence | SecureEntryPoint [] [] | A sequence of DNSSEC Zone Secure Entry Point sequences. |
| TSIGAlgorithmSequence | TSIGAlgorithm [] | A sequence of DNSSEC TSIG algorithms. |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.