The OCID of the compartment containing the zone.
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: {@code {"Operations": {"CostCenter": "42"}}}
The state of DNSSEC on the zone.
For DNSSEC to function, every parent zone in the DNS tree up to the top-level domain (or an independent trust anchor) must also have DNSSEC correctly set up. After enabling DNSSEC, you must add a DS record to the zone's parent zone containing the {@code KskDnssecKeyVersion} data. You can find the DS data in the {@code dsData} attribute of the {@code KskDnssecKeyVersion}. Then, use the {@code PromoteZoneDnssecKeyVersion} operation to promote the {@code KskDnssecKeyVersion}.
New {@code KskDnssecKeyVersion}s are generated annually, a week before the existing {@code KskDnssecKeyVersion}'s expiration. To rollover a {@code KskDnssecKeyVersion}, you must replace the parent zone's DS record containing the old {@code KskDnssecKeyVersion} data with the data from the new {@code KskDnssecKeyVersion}.
To remove the old DS record without causing service disruption, wait until the old DS record's TTL has expired, and the new DS record has propagated. After the DS replacement has been completed, then the {@code PromoteZoneDnssecKeyVersion} operation must be called.
Metrics are emitted in the {@code oci_dns} namespace daily for each {@code KskDnssecKeyVersion} indicating how many days are left until expiration. We recommend that you set up alarms and notifications for KskDnssecKeyVersion expiration so that the necessary parent zone updates can be made and the {@code PromoteZoneDnssecKeyVersion} operation can be called.
Enabling DNSSEC results in additional records in DNS responses which increases their size and can cause higher response latency.
For more information, see [DNSSEC](https://docs.cloud.oracle.com/iaas/Content/DNS/Concepts/dnssec.htm).
External secondary servers for the zone. This field is currently not supported when {@code zoneType} is {@code SECONDARY} or {@code scope} is {@code PRIVATE}.
External master servers for the zone. {@code externalMasters} becomes a required parameter when the {@code zoneType} value is {@code SECONDARY}.
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: {@code {"Department": "Finance"}}
The name of the zone.
Global zone names must be unique across all other zones within the realm. Private zone names must be unique within their view.
Unicode characters will be converted into punycode, see [RFC 3492](https://tools.ietf.org/html/rfc3492).
The scope of the zone.
This value will be null for zones in the global DNS.
The type of the zone. Must be either {@code PRIMARY} or {@code SECONDARY}. {@code SECONDARY} is only supported for GLOBAL zones.
The body for defining a new zone.
*Warning:** Oracle recommends that you avoid using any confidential information when you supply string values using the API.