dnssec

Domain Name System Security Extensions commands

dnssec Specification

Type	Configuration Resource
Element Name	dnssec
Element URI	/axapi/v3/dnssec
Element Attributes	dnssec_attributes
Operational Data URI	/axapi/v3/dnssec/oper
Schema	dnssec schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/dnssec	dnssec attributes
Get Object	GET	/axapi/v3/dnssec	dnssec attributes
Modify Object	POST	/axapi/v3/dnssec	dnssec attributes
Replace Object	PUT	/axapi/v3/dnssec	dnssec attributes
Delete Object	DELETE	/axapi/v3/dnssec	dnssec attributes

dnssec attributes

dnskey

Description: dnskey is a JSON Block. Please see below for dnskey

Type: Object

Refernce Object: /axapi/v3/dnssec/dnskey

ds

Description: ds is a JSON Block. Please see below for ds

Type: Object

Refernce Object: /axapi/v3/dnssec/ds

key-rollover

Description: key-rollover is a JSON Block. Please see below for key-rollover

Type: Object

Refernce Object: /axapi/v3/dnssec/key-rollover

sign-zone-now

Description: sign-zone-now is a JSON Block. Please see below for sign-zone-now

Type: Object

Refernce Object: /axapi/v3/dnssec/sign-zone-now

standalone

Description Run DNSSEC in standalone mode, in GSLB group mode by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template-list

Type: List

Refernce Object: /axapi/v3/dnssec/template/{dnssec-temp-name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

key-rollover

Specification
Type	object

dnssec-key-type

Description ‘ZSK’: Zone Signing Key; ‘KSK’: Key Signing Key;

Type: string

Supported Values: ZSK, KSK

ds-ready-in-parent-zone

Description DS RR is already ready in the parent zone

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-start

Description start KSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description Specify the name for the DNS zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

zsk-start

Description start ZSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sign-zone-now

Specification
Type	object

zone-name

Description Specify the name for the DNS zone, empty means sign all zones

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

dnskey

Specification
Type	object

key-delete

Description Delete the DNSKEY file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description DNS zone name of the child zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

template-list

Specification
Type	list
Block object keys

algorithm

Description ‘RSASHA1’: RSASHA1 algorithm; ‘RSASHA256’: RSASHA256 algorithm; ‘RSASHA512’: RSASHA512 algorithm;

Type: string

Supported Values: RSASHA1, RSASHA256, RSASHA512

combinations-limit

Description the max number of combinations per RRset (Default value is 31)

Type: number

Range: 1-65535

dnskey-ttl-k

Description The TTL value of DNSKEY RR

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dnskey-ttl-v

Description in seconds, 14400 seconds by default

Type: number

Range: 1-864000

Default: 14400

dnssec-temp-name

Description DNSSEC Template Name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

dnssec-template-ksk

Description: dnssec-template-ksk is a JSON Block. Please see below for template-list_dnssec-template-ksk

Type: Object

dnssec-template-zsk

Description: dnssec-template-zsk is a JSON Block. Please see below for template-list_dnssec-template-zsk

Type: Object

enable-nsec3

Description enable NSEC3 support. disabled by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hsm

Description specify the HSM template

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/hsm/template

return-nsec-on-failure

Description return NSEC/NSEC3 or not on failure case. return by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

signature-validity-period-k

Description The period that a signature is valid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

signature-validity-period-v

Description in days, 10 days by default

Type: number

Range: 5-30

Default: 10

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template-list_dnssec-template-ksk

Specification
Type	object

ksk-keysize-k

Description Specify the number of bits in the DNSSEC KSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-keysize-v

Description Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

ksk-lifetime-k

Description Set the lifetime for DNSSEC KSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-lifetime-v

Description Default value is 365 days

Type: number

Range: 2-3650

ksk-rollover-time-k

Description Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 358

template-list_dnssec-template-zsk

Specification
Type	object

zsk-keysize-k

Description Specify the number of bits in the DNSSEC ZSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-keysize-v

Description Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

zsk-lifetime-k

Description Set the lifetime for DNSSEC ZSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-lifetime-v

Description Default value is 90 days

Type: number

Range: 2-3650

Default: 90

zsk-rollover-time-k

Description Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 83

ds

Specification
Type	object

ds-delete

Description Delete the DS file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description DNS zone name of the child zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

operational data

	Counter	Size	Description
	ptr_memory	number	ptr_memory
	total_memory	number	total_memory
	reference_objects	number	reference_objects
	mx_objects	number	mx_objects
	ds_objects	number	ds_objects
	nsec_objects	number	nsec_objects
	array_memory	number	array_memory
	nsec3param_objects	number	nsec3param_objects
	srv_memory	number	srv_memory
	reference_memory	number	reference_memory
	srv_objects	number	srv_objects
	table_memory	number	table_memory
	a_objects	number	a_objects
	ns_memory	number	ns_memory
	aaaa_memory	number	aaaa_memory
	zone_objects	number	zone_objects
	table_objects	number	table_objects
	mx_memory	number	mx_memory
	soa_memory	number	soa_memory
	domain_objects	number	domain_objects
	nsec_memory	number	nsec_memory
	nsec3_objects	number	nsec3_objects
	a_memory	number	a_memory
	array_objects	number	array_objects
	total_objects	number	total_objects
	soa_objects	number	soa_objects
	ds_memory	number	ds_memory
	cname_objects	number	cname_objects
	domain_memory	number	domain_memory
	nsec3param_memory	number	nsec3param_memory
	txt_memory	number	txt_memory
	dnskey_memory	number	dnskey_memory
	ns_objects	number	ns_objects
	ptr_objects	number	ptr_objects
	aaaa_objects	number	aaaa_objects
	cname_memory	number	cname_memory
	txt_objects	number	txt_objects
	rrsig_objects	number	rrsig_objects
	rrsig2_memory	number	rrsig2_memory
	nsec3_memory	number	nsec3_memory
	zone_memory	number	zone_memory
	rrsig2_objects	number	rrsig2_objects
	rrsig_memory	number	rrsig_memory
	dnskey_objects	number	dnskey_objects