record:nsec3param : DNS NSEC3 record object.

An authoritative DNS server uses NSEC3PARAM RRs to determine which NSEC3 records it includes in its negative responses. An NSEC3PARAM RR contains the parameters that an authoritative server needs to calculate hashed owner names. As stated in RFC 5155, the presence of an NSEC3PARAM RR at a zone apex indicates that the specified parameters may be used by authoritative servers to choose an appropriate set of NSEC3 RRs for negative responses.

The NSEC3PARAM resource record is described in RFC 5155.

The NSEC3PARAM record is generated automatically upon the signing of the corresponding zone.

The name part of a DNS NSEC3PARAM object reference has the following components:

  • The name of the record.
  • The name of the view.

Example: record:nsec3param/ZG5zLmJpsaG9zdA:us.example.com/default.external

Object Reference

References to record:nsec3param are object references.

Restrictions

The object does not support the following operations:

  • Create (insert)
  • Delete
  • Modify (update)
  • Scheduling

The object cannot be managed on Cloud Platform members.

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.

The basic version of the object contains the field(s): name, view.

algorithm

The hash algorithm that was used.

Type

String.

Valid values are:
  • DSA
  • NSEC3DSA
  • NSEC3RSASHA1
  • RSAMD5
  • RSASHA1
  • RSASHA256
  • RSASHA512

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The algorithm cannot be updated.

algorithm cannot be written.

cloud_info

Structure containing all cloud API related information for this object.

Type

A Cloud Information struct.

Search

The field is not available for search.

Notes

The cloud_info cannot be updated.

cloud_info cannot be written.

creation_time

The creation time of the record.

Type

Timestamp.

Search

The field is not available for search.

Notes

The creation_time cannot be updated.

creation_time cannot be written.

creator

Creator of the record.

Type

String.

Valid values are:
  • DYNAMIC
  • STATIC
  • SYSTEM

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The creator cannot be updated.

creator cannot be written.

dns_name

Name for an NSEC3PARAM record in punycode format.

Type

String.

Values with leading or trailing white space are not valid for this field.

Search

The field is not available for search.

Notes

The dns_name cannot be updated.

dns_name cannot be written.

flags

The set of 8 one-bit flags, of which only one flag, the Opt-Out flag, is defined by RFC 5155. The Opt-Out flag indicates whether the NSEC3 record covers unsigned delegations.

Type

Unsigned integer.

Search

The field is available for search via

  • ‘=’ (exact equality)
  • ‘<=’ (less than search)
  • ‘>=’ (greater than search)

Notes

The flags cannot be updated.

flags cannot be written.

iterations

The number of times the hash function was performed.

Type

Unsigned integer.

Search

The field is available for search via

  • ‘=’ (exact equality)
  • ‘<=’ (less than search)
  • ‘>=’ (greater than search)

Notes

The iterations cannot be updated.

iterations cannot be written.

last_queried

The time of the last DNS query in Epoch seconds format.

Type

Timestamp.

Search

The field is not available for search.

Notes

The last_queried cannot be updated.

last_queried cannot be written.

name

The name of the NSEC3PARAM record in FQDN format. It must be the same as the name of the zone in which the record resides.

Type

String.

Search

The field is available for search via

  • ‘:=’ (case insensitive search)
  • ‘=’ (exact equality)
  • ‘~=’ (regular expression)

Notes

The name is part of the base object.

The name cannot be updated.

name cannot be written.

salt

A series of case-insensitive hexadecimal digits. It is appended to the original owner name as protection against pre-calculated dictionary attacks. A new salt value is generated when the ZSK rolls over; the user can control the rollover period. For a random salt value, the selected length is between one and 15 octets.

Type

String.

Search

The field is not available for search.

Notes

The salt cannot be updated.

salt cannot be written.
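
The following added example (not part of the original reference and not vendor code) shows how the iterations and salt fields of an NSEC3PARAM object feed the RFC 5155 hashed-owner-name calculation, and how the Opt-Out bit in flags is decoded. It uses SHA-1, the only hash algorithm RFC 5155 defines; the SAMPLE dict is constructed data, the helper names are hypothetical, and an empty or "-" salt is assumed to mean "no salt".

```python
import base64
import hashlib

# Map the standard base32 alphabet to the base32hex alphabet used by NSEC3.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)
OPT_OUT = 0x01  # the only flag bit defined by RFC 5155


def wire_name(fqdn):
    """Canonical (lowercase) DNS wire format of an ASCII/punycode name."""
    out = b""
    for label in fqdn.rstrip(".").lower().split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(fqdn, salt_hex, iterations):
    """RFC 5155 section 5: IH(salt, x, k) = H(IH(salt, x, k-1) || salt)."""
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(fqdn) + salt).digest()
    for _ in range(iterations):  # iterations counts the *additional* rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode().lower()


def hashed_owner(record, qname):
    """Owner name of the NSEC3 RR matching qname, plus the Opt-Out state."""
    label = nsec3_hash(qname, record["salt"], record["iterations"])
    return f"{label}.{record['name']}", bool(record["flags"] & OPT_OUT)


# Constructed sample shaped like a record:nsec3param object; the parameter
# values are those of the RFC 5155 Appendix A example zone.
SAMPLE = {"name": "example", "flags": 0, "iterations": 12, "salt": "aabbccdd"}

if __name__ == "__main__":
    print(hashed_owner(SAMPLE, "example"))
    print(hashed_owner(SAMPLE, "a.example"))
```

Each query for a nonexistent name costs the server iterations + 1 hash computations, which is why the iterations and salt values returned by this object are worth reviewing after a zone is signed.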

ttl

The Time To Live (TTL) value for the record. A 32-bit unsigned integer that represents the duration, in seconds, for which the record is valid (cached). Zero indicates that the record should not be cached.

Type

Unsigned integer.

Search

The field is not available for search.

Notes

ttl is associated with the field use_ttl (see use flag).

The ttl cannot be updated.

ttl cannot be written.

use_ttl

Use flag for: ttl

Type

Bool.

Search

The field is not available for search.

Notes

The use_ttl cannot be updated.

use_ttl cannot be written.

view

The name of the DNS View in which the record resides. Example: “external”.

Type

String.

Values with leading or trailing white space are not valid for this field.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The view is part of the base object.

The view cannot be updated.

view cannot be written.

zone

The name of the zone in which the record resides. Example: “zone.com”. If a view is not specified when searching by zone, the default view is used.

Type

String.

Values with leading or trailing white space are not valid for this field.

Search

The field is available for search via

  • ‘=’ (exact equality)

Notes

The zone cannot be updated.

zone cannot be written.

Fields List

Field          Type          Req  R/O  Base  Search
algorithm      String        N    Y    N     =
cloud_info     struct        N    Y    N     N/A
creation_time  Timestamp     N    Y    N     N/A
creator        String        N    Y    N     =
dns_name       String        N    Y    N     N/A
flags          Unsigned int  N    Y    N     < = >
iterations     Unsigned int  N    Y    N     < = >
last_queried   Timestamp     N    Y    N     N/A
name           String        N    Y    Y     : = ~
salt           String        N    Y    N     N/A
ttl            Unsigned int  N    Y    N     N/A
use_ttl        Bool          N    Y    N     N/A
view           String        N    Y    Y     =
zone           String        N    Y    N     =