The OCID of the compartment containing the zone.
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: {@code {"Operations": {"CostCenter": "42"}}}
The state of DNSSEC on the zone.
For DNSSEC to function, every parent zone in the DNS tree up to the top-level domain (or an independent trust anchor) must also have DNSSEC correctly set up. After enabling DNSSEC, you must add a DS record to the zone's parent zone containing the {@code KskDnssecKeyVersion} data. You can find the DS data in the {@code dsData} attribute of the {@code KskDnssecKeyVersion}. Then, use the {@code PromoteZoneDnssecKeyVersion} operation to promote the {@code KskDnssecKeyVersion}.
New {@code KskDnssecKeyVersion}s are generated annually, a week before the existing {@code KskDnssecKeyVersion}'s expiration. To rollover a {@code KskDnssecKeyVersion}, you must replace the parent zone's DS record containing the old {@code KskDnssecKeyVersion} data with the data from the new {@code KskDnssecKeyVersion}.
To remove the old DS record without causing service disruption, wait until the old DS record's TTL has expired, and the new DS record has propagated. After the DS replacement has been completed, then the {@code PromoteZoneDnssecKeyVersion} operation must be called.
Metrics are emitted in the {@code oci_dns} namespace daily for each {@code KskDnssecKeyVersion} indicating how many days are left until expiration. We recommend that you set up alarms and notifications for KskDnssecKeyVersion expiration so that the necessary parent zone updates can be made and the {@code PromoteZoneDnssecKeyVersion} operation can be called.
Enabling DNSSEC results in additional records in DNS responses which increases their size and can cause higher response latency.
For more information, see [DNSSEC](https://docs.oracle.com/iaas/Content/DNS/Concepts/dnssec.htm).
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: {@code {"Department": "Finance"}}
The OCID of the zone.
A Boolean flag indicating whether or not parts of the resource are unable to be explicitly managed.
The current state of the zone resource.
The name of the zone.
The scope of the zone.
The canonical absolute URL of the resource.
The current serial of the zone. As seen in the zone's SOA record. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The date and time the resource was created in "YYYY-MM-ddThh:mm:ssZ" format with a Z offset, as defined by RFC 3339.
*Example:** {@code 2016-07-22T17:23:59:60Z}
Version is the never-repeating, totally-orderable, version of the zone, from which the serial field of the zone's SOA record is derived.
The OCID of the private view containing the zone. This value will be null for zones in the global DNS, which are publicly resolvable and not part of a private view.
The type of the zone. Must be either {@code PRIMARY} or {@code SECONDARY}. {@code SECONDARY} is only supported for GLOBAL zones.
A DNS zone.
*Warning:** Oracle recommends that you avoid using any confidential information when you supply string values using the API.