- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Certificate resource records may use the domain name system security extensions (DNSSEC) algorithm numbers in this registry. DNSSEC zone signing and transaction security mechanisms (SIG(0) and TSIG) make use of subsets of these algorithms. Use the Google recommended algorithms for key signing.
Note: The SHA1 algorithm has been removed from general use by Google, and if being used, needs to be safe listed on a project basis by Google, which require a Google Cloud support contract.
Use DNSSEC algorithm numbers from this registry in certificate resource records. When enabling DNSSEC for a managed zone or creating a managed zone with DNSSEC, select the DNSSEC signing algorithms and the denial-of-existence type. Changing the DNSSEC settings is only effective for a managed zone if DNSSEC is not already enabled. If you need to change the settings for a managed zone where it has been enabled, turn DNSSEC off and then re-enable it with different settings.
note: RSASHA1 zone-signing support may be required for compatibility reasons. note: The remediation CLI works well with gcloud-cli version 221.0.0 and later.
If you need to change the settings for a managed zone where it has been enabled, DNSSEC must be turned off and then re-enabled with different settings. To turn off DNSSEC, run this command:
gcloud dns managed-zones update ZONE_NAME --dnssec-state off
To update zone-signing for a reported managed DNS Zone, run the following command:
gcloud dns managed-zones update ZONE_NAME --dnssec-state on --ksk-algorithm KSK_ALGORITHM --ksk-key-length KSK_KEY_LENGTH --zsk-algorithm ZSK_ALGORITHM --zsk-key-length ZSK_KEY_LENGTH --denial-of-existence DENIAL_OF_EXISTENCE