ltm dns dnssec zone
ltm dns dnssec zone(1) BIG-IP TMSH Manual ltm dns dnssec zone(1)
NAME
zone - Configures DNSSEC zones on the BIG-IP(r) system.
MODULE
ltm dns dnssec
SYNTAX
Configure the zone component within the ltm dns dnssec module using the
syntax in the following sections.
CREATE/MODIFY
create zone [name]
modify zone [name]
options:
app-service [[string] | none]
description [string]
[enabled | disabled]
ds-algorithm [ SHA1 | SHA256 ]
indicate-authenticated [ enabled | disabled ]
keys
[add | delete | modify | replace-all-with] {
[key name ...]
}
keys none
nsec3-algorithm [ SHA1 ]
nsec3-iterations [unsigned integer]
edit zone [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
reset-stats zone
reset-stats zone [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list zone
list zone [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
seps
show zone [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
global
field-fmt
DELETE
delete zone [name]
DESCRIPTION
You can use the zone component to configure and view information about
a DNSSEC zone.
EXAMPLES
list zone mySecureZone
Displays the properties of the DNSSEC zone named mySecureZone.
OPTIONS
app-service
Specifies the name of the application service to which the zone
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the zone. Only the application service
can modify or delete the zone.
description
User-defined description.
ds-algorithm
Specifies the hash algorithm to use when creating the Delegation
Signer (DS) resource record. The default value is SHA1.
[enabled | disabled]
Specifies whether the DNSSEC zone is enabled or disabled.
Note: You must associate both a key-signing key and a zone-signing
key with the zone before complete signing of client requests can
occur.
glob
Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
indicate-authenticated
When this setting is enabled, the Authenticated Data (AD) flag is
set to TRUE in authoritative answers for the DNSSEC zone. The
default value is disabled.
keys
Specifies the keys that you want to configure for the zone.
name
Specifies a unique name for the component. This option is required
for the commands create, delete, and modify.
nsec3-algorithm
Specifies the hash algorithm to use when creating the Next Secure
(NSEC3) resource record. The default value is SHA1. Other
algorithms are not currently supported, so selecting SHA256 will
revert to SHA1 with a warning message.
nsec3-iterations
Specifies the number of times to hash the Next Secure (NSEC3)
names. The default value is 1.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
seps
Displays the Secure Entry Point(s) (DS and DNSKEY resource records
used as client trust anchors) of the zone, including the
following:
dnskey
String representation of the DNSKEY resource record.
ds
String representation of the DS resource record.
generation-id
ID of DNSSEC Key Generation used to create the SEP.
key-name
Name of DNSSEC Key which was used to create the SEP.
xfr-primary-soa-serial
The learned zone SOA serial number from the primary server.
xfr-soa-serial
The advertised zone SOA serial number to all clients.
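The hashing that nsec3-algorithm and nsec3-iterations control, written out per RFC 5155 section 5 as an added example that is not part of the F5 manual. The salt parameter, and the reading of the tmsh value as the RFC 5155 Iterations field (extra rounds after the first hash), are assumptions not stated on this page; the sample names and salt are the RFC 5155 Appendix A test zone.

```python
import base64
import hashlib

# RFC 4648 base32 -> base32hex ("extended hex") alphabet used in NSEC3 owner names.
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of an absolute name.

    Plain ASCII labels only; escaped dots are not handled.
    """
    stripped = name[:-1] if name.endswith(".") else name
    out = b""
    for label in (stripped.lower().split(".") if stripped else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5 hash of `name` with SHA-1 (hash algorithm 1).

    `iterations` counts the ADDITIONAL rounds after the first hash, so a
    signer or validator performs iterations + 1 SHA-1 calls per name.
    """
    if not 0 <= iterations <= 0xFFFF:
        raise ValueError("iterations must fit in 16 bits")
    salt = bytes.fromhex(salt_hex)  # salt_hex: assumed parameter, not on this page
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode("ascii").lower()


if __name__ == "__main__":
    # Constructed check input: RFC 5155 Appendix A zone (salt aabbccdd, 12 iterations).
    for owner in ("example", "a.example"):
        print(owner, "->", nsec3_hash(owner, "aabbccdd", 12))
    # Same name with one extra round: a different owner name, fewer SHA-1 calls.
    print("example @1 ->", nsec3_hash("example", "aabbccdd", 1))
```

Comparing the output with the NSEC3 owner names in a signed negative response confirms which iteration count and salt the signer is actually using.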
SEE ALSO
create, delete, edit, glob, list, modify, regex, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2015-2016. All rights
reserved.
BIG-IP 2016-03-14 ltm dns dnssec zone(1)