dnssec

Configure and manage Domain Name System Security Extensions (DNSSEC).

dnssec Specification

Type Configuration Resource
Element Name dnssec
Element URI /axapi/v3/dnssec
Element Attributes dnssec_attributes
Operational Data URI /axapi/v3/dnssec/oper
Schema dnssec schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/dnssec

dnssec Attributes

Get Object

GET

/axapi/v3/dnssec

dnssec Attributes

Modify Object

POST

/axapi/v3/dnssec

dnssec Attributes

Replace Object

PUT

/axapi/v3/dnssec

dnssec Attributes

Delete Object

DELETE

/axapi/v3/dnssec

dnssec Attributes

Get Oper

GET

/axapi/v3/dnssec/oper

operational data

dnssec Attributes

dnskey

Description: dnskey is a JSON Block . Please see below for dnskey

Type: Object

Reference Object: /axapi/v3/dnssec/dnskey

ds

Description: ds is a JSON Block . Please see below for ds

Type: Object

Reference Object: /axapi/v3/dnssec/ds

key-rollover

Description: key-rollover is a JSON Block . Please see below for key-rollover

Type: Object

Reference Object: /axapi/v3/dnssec/key-rollover

sign-zone-now

Description: sign-zone-now is a JSON Block . Please see below for sign-zone-now

Type: Object

Reference Object: /axapi/v3/dnssec/sign-zone-now

standalone

Description: Run DNSSEC in standalone mode, in GSLB group mode by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template-list

Description: template-list is a JSON List . Please see below for template-list

Type: List

Reference Object: /axapi/v3/dnssec/template/{dnssec-temp-name}

uuid

Description: uuid of the object

Type: string

key-rollover

Specification
Type object

dnssec-key-type

Description: ‘ZSK’: Zone Signing Key; ‘KSK’: Key Signing Key;

Type: string

Supported Values: ZSK, KSK

ds-ready-in-parent-zone

Description: DS RR is already ready in the parent zone

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-start

Description: start KSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description: Specify the name for the DNS zone

Type: string

zsk-start

Description: start ZSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sign-zone-now

Specification
Type object

zone-name

Description: Specify the name for the DNS zone, empty means sign all zones

Type: string

dnskey

Specification
Type object

key-delete

Description: Delete the DNSKEY file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description: DNS zone name of the child zone

Type: string

template-list

Specification
Type list
Block object keys

algorithm

Description: ‘RSASHA1’: RSASHA1 algorithm; ‘RSASHA256’: RSASHA256 algorithm; ‘RSASHA512’: RSASHA512 algorithm;

Type: string

Supported Values: RSASHA1, RSASHA256, RSASHA512

combinations-limit

Description: the max number of combinations per RRset (Default value is 31)

Type: number

Range: 1-65535

dnskey-ttl-k

Description: The TTL value of DNSKEY RR

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dnskey-ttl-v

Description: in seconds, 14400 seconds by default

Type: number

Range: 1-864000

Default: 14400

dnssec-temp-name

Description: DNSSEC Template Name

Type: string

dnssec-template-ksk

Description: dnssec-template-ksk is a JSON Block . Please see below for l885_dnssec-template-ksk

Type: Object

dnssec-template-zsk

Description: dnssec-template-zsk is a JSON Block . Please see below for l885_dnssec-template-zsk

Type: Object

enable-nsec3

Description: enable NSEC3 support. disabled by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hsm

Description: specify the HSM template

Type: string

Reference Object: /axapi/v3/hsm/template

return-nsec-on-failure

Description: return NSEC/NSEC3 or not on failure case. return by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

signature-validity-period-k

Description: The period that a signature is valid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

signature-validity-period-v

Description: in days, 10 days by default

Type: number

Range: 5-30

Default: 10

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

template-list.dnssec-template-ksk

Specification
Type object

ksk-keysize-k

Description: Specify the number of bits in the DNSSEC KSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-keysize-v

Description: Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

ksk-lifetime-k

Description: Set the lifetime for DNSSEC KSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-lifetime-v

Description: Default value is 365 days

Type: number

Range: 2-3650

ksk-rollover-time-k

Description: Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description: 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 358

template-list.dnssec-template-zsk

Specification
Type object

zsk-keysize-k

Description: Specify the number of bits in the DNSSEC ZSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-keysize-v

Description: Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

zsk-lifetime-k

Description: Set the lifetime for DNSSEC ZSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-lifetime-v

Description: Default value is 90 days

Type: number

Range: 2-3650

Default: 90

zsk-rollover-time-k

Description: Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description: 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 83

ds

Specification
Type object

ds-delete

Description: Delete the DS file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description: DNS zone name of the child zone

Type: string

operational data

Name Type Description
ptr_memory number ptr_memory
total_memory number total_memory
reference_objects number reference_objects
mx_objects number mx_objects
ds_objects number ds_objects
nsec_objects number nsec_objects
array_memory number array_memory
nsec3param_objects number nsec3param_objects
srv_memory number srv_memory
reference_memory number reference_memory
srv_objects number srv_objects
table_memory number table_memory
a_objects number a_objects
ns_memory number ns_memory
aaaa_memory number aaaa_memory
zone_objects number zone_objects
table_objects number table_objects
mx_memory number mx_memory
soa_memory number soa_memory
domain_objects number domain_objects
nsec_memory number nsec_memory
nsec3_objects number nsec3_objects
a_memory number a_memory
array_objects number array_objects
total_objects number total_objects
soa_objects number soa_objects
ds_memory number ds_memory
cname_objects number cname_objects
domain_memory number domain_memory
nsec3param_memory number nsec3param_memory
txt_memory number txt_memory
dnskey_memory number dnskey_memory
ns_objects number ns_objects
ptr_objects number ptr_objects
aaaa_objects number aaaa_objects
cname_memory number cname_memory
txt_objects number txt_objects
rrsig_objects number rrsig_objects
rrsig2_memory number rrsig2_memory
nsec3_memory number nsec3_memory
zone_memory number zone_memory
rrsig2_objects number rrsig2_objects
rrsig_memory number rrsig_memory
dnskey_objects number dnskey_objects