Your browser don't permit web-fonts to be installed. Our websites use web-fonts based icons. For a better experience please allow your browser to use web-fonts.
We are hiring!
Deutsch | English | Español

2.8. Dnssec

The dnssec object provides methods to manage DNSSEC for your domains.

2.8.1. dnssec.adddnskey

Add one DNSKEY to a specified domain. Currently, only ZONE+SEP keys (flag value 257) are accepted. This does not overwrite or delete existing DNSKEYs to allow for key rollovers.

2.8.1.1. Input

Table 2.87. Parameters

ParameterDescriptionTypeRequiredDefault
domainNameName of the domain to add the DNSKEY for. text255 true 
dnskeyPresentation value for the DNSKEY to add. Example: domain.tld. IN DNSKEY 257 3 13 ac12c2... dnskey false 
dsOptional presentation value for the corresponding DS record (digest information). Example: domain.tld. IN DS 1234 13 2 56DC12... ds false 
calculateDigestIf TRUE, the digest values for this DNSKEY will be calculated. Overrides ds parameter. boolean falsefalse
digestTypeThis value determines the type of digest which will be calculated. Defaults to 2 (SHA256). dnssecDigestType false2

2.8.1.2. Output

Table 2.88. Parameters

ParameterDescriptionTypeOptional
dnskeyPresentation value for the DNSKEY. Example: domain.tld. IN DNSKEY 257 3 13 ac12c2... dnskey  
dsOptional presentation value for the corresponding DS record (digest information). Example: domain.tld. IN DS 1234 13 2 56DC12... ds  

2.8.2. dnssec.deleteall

Delete all DNSKEY/DS entries for a domain.

2.8.2.1. Input

Table 2.89. Parameters

ParameterDescriptionTypeRequiredDefault
domainNameName of the domain to delete all DNSKEY/DS records for. text255 true 

2.8.2.2. Output

No additional return parameters

2.8.3. dnssec.deletednskey

Delete one DNSKEY from a specified domain.

2.8.3.1. Input

Table 2.90. Parameters

ParameterDescriptionTypeRequiredDefault
keyID of the DNSKEY to delete. int true 

2.8.3.2. Output

No additional return parameters

2.8.4. dnssec.disablednssec

Disable automated DNSSEC management for a domain. This flags the domain for DNSKEY removal - all keys will be destroyed.

2.8.4.1. Input

Table 2.91. Parameters

ParameterDescriptionTypeRequiredDefault
domainNameName of the domain to disable DNSSEC for. text255 true 

2.8.4.2. Output

No additional return parameters

2.8.5. dnssec.enablednssec

Enable automated DNSSEC management for a domain.

2.8.5.1. Input

Table 2.92. Parameters

ParameterDescriptionTypeRequiredDefault
domainNameName of the domain to enable DNSSEC for. text255 true 

2.8.5.2. Output

No additional return parameters

2.8.6. dnssec.info

Get current DNSSEC information.

2.8.6.1. Input

Table 2.93. Parameters

ParameterDescriptionTypeRequiredDefault
domainsOptionally limit info to given domains. array_text255 false 

2.8.6.2. Output

Table 2.94. Parameters

ParameterDescriptionTypeOptional
dataList of domains and their DNSSEC status array  
... domainDomain name. text255  
... keyCountCount of DNSSEC keys for this domain. int  
... dnssecStatusDomain DNSSEC status. dnssecDomainStatus  

2.8.7. dnssec.listkeys

Search and list manually managed DNSSEC keys.

2.8.7.1. Input

Table 2.95. Parameters

ParameterDescriptionTypeRequiredDefault
domainNameSearch for DNSSEC data for the given domain. text0255 false 
domainNameIdnSearch for DNSSEC data for the given ACE domain name. text0255 false 
keyTagSearch for DNSKEY entries with the given key tag. int false 
flagIdSearch for DNSKEY entries with the given flags value. dnssecFlag false 
algorithmIdSearch for DNSKEY entries with the given algorithm. dnssecAlgorithm false 
publicKeySearch for DNSKEY entries with the given public key. text false 
digestTypeIdSearch DNSKEY entries with the given digest type. dnssecDigestType false 
digestSearch DNSKEY entries with the given digest. text0255 false 
createdBeforeSearch DNSKEY entries created before this time. dateTime false 
createdAfterSearch DNSKEY entries created after this time. dateTime false 
statusSearch DNSKEY entries with this status. dnssecKeyStatus false 
activeSearch DNSKEY entries which are active (1) or inactive (0). int false 
pagePage number for paging int false1
pagelimitMax number of results per page. 0 is no limit int false0

2.8.7.2. Output

Table 2.96. Parameters

ParameterDescriptionTypeOptional
dnskey   
... ownerNameThe domain name that owns the DNSSEC key. text0255  
... idThe unique identifier for the DNSSEC key. int  
... domainIdThe identifier for the domain associated with the DNSSEC key. int  
... keyTagThe key tag associated with the DNSSEC key. int  
... flagIdThe flag ID of the DNSSEC key. dnssecFlag  
... algorithmIdThe algorithm ID used by the DNSSEC key. dnssecAlgorithm  
... publicKeyThe public key for the DNSSEC key. text  
... digestTypeIdThe digest type ID associated with the DNSSEC key. dnssecDigestType  
... digestThe digest associated with the DNSSEC key. text0255  
... createdThe date and time when the DNSSEC key was created. dateTime  
... statusThe status of the DNSSEC key (e.g., OK, DELETED). dnssecKeyStatus  
... activeIndicates if the DNSSEC key is active (1) or inactive (0). int