Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data DnssecKey = DnssecKey' {}
- newDnssecKey :: DnssecKey
- dnssecKey_algorithm :: Lens' DnssecKey (Maybe Int)
- dnssecKey_digest :: Lens' DnssecKey (Maybe Text)
- dnssecKey_digestType :: Lens' DnssecKey (Maybe Int)
- dnssecKey_flags :: Lens' DnssecKey (Maybe Int)
- dnssecKey_id :: Lens' DnssecKey (Maybe Text)
- dnssecKey_keyTag :: Lens' DnssecKey (Maybe Int)
- dnssecKey_publicKey :: Lens' DnssecKey (Maybe Text)
Documentation
Information about the DNSSEC key.
You get this from your DNS provider and then give it to Route 53 (by using AssociateDelegationSignerToDomain) to pass it to the registry to establish the chain of trust.
See: newDnssecKey
smart constructor.
DnssecKey' | |
|
Instances
newDnssecKey :: DnssecKey Source #
Create a value of DnssecKey
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:algorithm:DnssecKey'
, dnssecKey_algorithm
- The number of the public key’s cryptographic algorithm according to an
IANA
assignment.
If Route 53 is your DNS service, set this to 13.
For more information about enabling DNSSEC signing, see Enabling DNSSEC signing and establishing a chain of trust.
$sel:digest:DnssecKey'
, dnssecKey_digest
- The delegation signer digest.
Digest is calculated from the public key provided using specified digest algorithm and this digest is the actual value returned from the registry nameservers as the value of DS records.
$sel:digestType:DnssecKey'
, dnssecKey_digestType
- The number of the DS digest algorithm according to an IANA assignment.
For more information, see IANA for DNSSEC Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms.
$sel:flags:DnssecKey'
, dnssecKey_flags
- Defines the type of key. It can be either a KSK (key-signing-key, value
257) or ZSK (zone-signing-key, value 256). Using KSK is always
encouraged. Only use ZSK if your DNS provider isn't Route 53 and you
don’t have KSK available.
If you have KSK and ZSK keys, always use KSK to create a delegations signer (DS) record. If you have ZSK keys only – use ZSK to create a DS record.
$sel:id:DnssecKey'
, dnssecKey_id
- An ID assigned to each DS record created by
AssociateDelegationSignerToDomain.
$sel:keyTag:DnssecKey'
, dnssecKey_keyTag
- A numeric identification of the DNSKEY record referred to by this DS
record.
$sel:publicKey:DnssecKey'
, dnssecKey_publicKey
- The base64-encoded public key part of the key pair that is passed to the
registry .
dnssecKey_algorithm :: Lens' DnssecKey (Maybe Int) Source #
The number of the public key’s cryptographic algorithm according to an IANA assignment.
If Route 53 is your DNS service, set this to 13.
For more information about enabling DNSSEC signing, see Enabling DNSSEC signing and establishing a chain of trust.
dnssecKey_digest :: Lens' DnssecKey (Maybe Text) Source #
The delegation signer digest.
Digest is calculated from the public key provided using specified digest algorithm and this digest is the actual value returned from the registry nameservers as the value of DS records.
dnssecKey_digestType :: Lens' DnssecKey (Maybe Int) Source #
The number of the DS digest algorithm according to an IANA assignment.
For more information, see IANA for DNSSEC Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms.
dnssecKey_flags :: Lens' DnssecKey (Maybe Int) Source #
Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256). Using KSK is always encouraged. Only use ZSK if your DNS provider isn't Route 53 and you don’t have KSK available.
If you have KSK and ZSK keys, always use KSK to create a delegations signer (DS) record. If you have ZSK keys only – use ZSK to create a DS record.
dnssecKey_id :: Lens' DnssecKey (Maybe Text) Source #
An ID assigned to each DS record created by AssociateDelegationSignerToDomain.