import * as pulumi from "@pulumi/pulumi";
/**
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as cloudflare from "@pulumi/cloudflare";
 *
 * const exampleZoneDnssec = new cloudflare.ZoneDnssec("example_zone_dnssec", {
 *     zoneId: "023e105f4ecef8ad9ca31a8372d0c353",
 *     dnssecMultiSigner: false,
 *     dnssecPresigned: true,
 *     dnssecUseNsec3: false,
 *     status: "active",
 * });
 * ```
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import cloudflare:index/zoneDnssec:ZoneDnssec example '<zone_id>'
 * ```
 */
export declare class ZoneDnssec extends pulumi.CustomResource {
    /**
     * Get an existing ZoneDnssec resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZoneDnssecState, opts?: pulumi.CustomResourceOptions): ZoneDnssec;
    /**
     * Returns true if the given object is an instance of ZoneDnssec.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ZoneDnssec;
    /**
     * Algorithm key code.
     */
    readonly algorithm: pulumi.Output<string>;
    /**
     * Digest hash.
     */
    readonly digest: pulumi.Output<string>;
    /**
     * Type of digest algorithm.
     */
    readonly digestAlgorithm: pulumi.Output<string>;
    /**
     * Coded type for digest algorithm.
     */
    readonly digestType: pulumi.Output<string>;
    /**
     * If true, multi-signer DNSSEC is enabled on the zone, allowing multiple
     * providers to serve a DNSSEC-signed zone at the same time.
     * This is required for DNSKEY records (except those automatically
     * generated by Cloudflare) to be added to the zone.
     */
    readonly dnssecMultiSigner: pulumi.Output<boolean | undefined>;
    /**
     * If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without
     * requiring Cloudflare to sign any records on the fly. Note that this feature has some limitations. See [Cloudflare as
     * Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for
     * details.
     */
    readonly dnssecPresigned: pulumi.Output<boolean | undefined>;
    /**
     * If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssecPresigned to true, this
     * enables the use of NSEC3 records when transferring in from an external provider. If dnssecPresigned is instead set to
     * false (default), NSEC3 records will be generated and signed at request time. See [DNSSEC with
     * NSEC3](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/) for details.
     */
    readonly dnssecUseNsec3: pulumi.Output<boolean | undefined>;
    /**
     * Full DS record.
     */
    readonly ds: pulumi.Output<string>;
    /**
     * Flag for DNSSEC record.
     */
    readonly flags: pulumi.Output<number>;
    /**
     * Code for key tag.
     */
    readonly keyTag: pulumi.Output<number>;
    /**
     * Algorithm key type.
     */
    readonly keyType: pulumi.Output<string>;
    /**
     * When DNSSEC was last modified.
     */
    readonly modifiedOn: pulumi.Output<string>;
    /**
     * Public key for DS record.
     */
    readonly publicKey: pulumi.Output<string>;
    /**
     * Status of DNSSEC, based on user-desired state and presence of necessary records. Available values: "active", "disabled".
     */
    readonly status: pulumi.Output<string | undefined>;
    /**
     * Identifier.
     */
    readonly zoneId: pulumi.Output<string>;
    /**
     * Create a ZoneDnssec resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ZoneDnssecArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ZoneDnssec resources.
 */
export interface ZoneDnssecState {
    /**
     * Algorithm key code.
     */
    algorithm?: pulumi.Input<string>;
    /**
     * Digest hash.
     */
    digest?: pulumi.Input<string>;
    /**
     * Type of digest algorithm.
     */
    digestAlgorithm?: pulumi.Input<string>;
    /**
     * Coded type for digest algorithm.
     */
    digestType?: pulumi.Input<string>;
    /**
     * If true, multi-signer DNSSEC is enabled on the zone, allowing multiple
     * providers to serve a DNSSEC-signed zone at the same time.
     * This is required for DNSKEY records (except those automatically
     * generated by Cloudflare) to be added to the zone.
     */
    dnssecMultiSigner?: pulumi.Input<boolean>;
    /**
     * If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without
     * requiring Cloudflare to sign any records on the fly. Note that this feature has some limitations. See [Cloudflare as
     * Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for
     * details.
     */
    dnssecPresigned?: pulumi.Input<boolean>;
    /**
     * If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssecPresigned to true, this
     * enables the use of NSEC3 records when transferring in from an external provider. If dnssecPresigned is instead set to
     * false (default), NSEC3 records will be generated and signed at request time. See [DNSSEC with
     * NSEC3](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/) for details.
     */
    dnssecUseNsec3?: pulumi.Input<boolean>;
    /**
     * Full DS record.
     */
    ds?: pulumi.Input<string>;
    /**
     * Flag for DNSSEC record.
     */
    flags?: pulumi.Input<number>;
    /**
     * Code for key tag.
     */
    keyTag?: pulumi.Input<number>;
    /**
     * Algorithm key type.
     */
    keyType?: pulumi.Input<string>;
    /**
     * When DNSSEC was last modified.
     */
    modifiedOn?: pulumi.Input<string>;
    /**
     * Public key for DS record.
     */
    publicKey?: pulumi.Input<string>;
    /**
     * Status of DNSSEC, based on user-desired state and presence of necessary records. Available values: "active", "disabled".
     */
    status?: pulumi.Input<string>;
    /**
     * Identifier.
     */
    zoneId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ZoneDnssec resource.
 */
export interface ZoneDnssecArgs {
    /**
     * If true, multi-signer DNSSEC is enabled on the zone, allowing multiple
     * providers to serve a DNSSEC-signed zone at the same time.
     * This is required for DNSKEY records (except those automatically
     * generated by Cloudflare) to be added to the zone.
     */
    dnssecMultiSigner?: pulumi.Input<boolean>;
    /**
     * If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without
     * requiring Cloudflare to sign any records on the fly. Note that this feature has some limitations. See [Cloudflare as
     * Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for
     * details.
     */
    dnssecPresigned?: pulumi.Input<boolean>;
    /**
     * If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssecPresigned to true, this
     * enables the use of NSEC3 records when transferring in from an external provider. If dnssecPresigned is instead set to
     * false (default), NSEC3 records will be generated and signed at request time. See [DNSSEC with
     * NSEC3](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/) for details.
     */
    dnssecUseNsec3?: pulumi.Input<boolean>;
    /**
     * Status of DNSSEC, based on user-desired state and presence of necessary records. Available values: "active", "disabled".
     */
    status?: pulumi.Input<string>;
    /**
     * Identifier.
     */
    zoneId: pulumi.Input<string>;
}