DnssecSigningAttributes - Amazon Route 53
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

DnssecSigningAttributes

Information about a delegation signer (DS) record that was created in the registry by AssociateDelegationSignerToDomain.

Contents

Algorithm

Algorithm which was used to generate the digest from the public key.

Type: Integer

Required: No

Flags

Defines the type of key. It can be either a KSK (key-signing-key, value 257) or ZSK (zone-signing-key, value 256). Using KSK is always encouraged. Only use ZSK if your DNS provider isn't Route 53 and you don’t have KSK available.

If you have KSK and ZSK keys, always use KSK to create a delegations signer (DS) record. If you have ZSK keys only – use ZSK to create a DS record.

Type: Integer

Required: No

PublicKey

The base64-encoded public key part of the key pair that is passed to the registry.

Type: String

Length Constraints: Maximum length of 32768.

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: