.. _dnssec: dnssec ====== Domain Name System Security Extensions commands dnssec Specification -------------------- ===================================== =============================================== ===================================== =============================================== **Type** *Configuration Resource* **Element Name** dnssec **Element URI** /axapi/v3/dnssec **Element Attributes** dnssec_attributes **Operational Data URI** /axapi/v3/dnssec/oper **Schema** :download:`dnssec schema ` ===================================== =============================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/dnssec .. raw:: html :ref:`674_dnssec_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/dnssec .. raw:: html :ref:`674_dnssec_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/dnssec .. raw:: html :ref:`674_dnssec_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/dnssec .. raw:: html :ref:`674_dnssec_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/dnssec .. raw:: html :ref:`674_dnssec_attributes` .. raw:: html
.. _674_dnssec_attributes: dnssec attributes ----------------- **dnskey** **Description:** dnskey is a **JSON Block**. Please see below for :ref:`674_dnskey` **Type:** Object **Reference Object:** :doc:`/axapi/v3/dnssec/dnskey ` **ds** **Description:** ds is a **JSON Block**. Please see below for :ref:`674_ds` **Type:** Object **Reference Object:** :doc:`/axapi/v3/dnssec/ds ` **key-rollover** **Description:** key-rollover is a **JSON Block**. Please see below for :ref:`674_key-rollover` **Type:** Object **Reference Object:** :doc:`/axapi/v3/dnssec/key-rollover ` **sign-zone-now** **Description:** sign-zone-now is a **JSON Block**. Please see below for :ref:`674_sign-zone-now` **Type:** Object **Reference Object:** :doc:`/axapi/v3/dnssec/sign-zone-now ` **standalone** **Description** Run DNSSEC in standalone mode, in GSLB group mode by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/dnssec/template/{dnssec-temp-name} ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _674_key-rollover: key-rollover ^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dnssec-key-type** **Description** 'ZSK': Zone Signing Key; 'KSK': Key Signing Key; **Type:** string **Supported Values:** ZSK, KSK **ds-ready-in-parent-zone** **Description** DS RR is already ready in the parent zone **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ksk-start** **Description** start KSK rollover in emergency mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zone-name** **Description** Specify the name for the DNS zone **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters **zsk-start** **Description** start ZSK rollover in emergency mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _674_sign-zone-now: sign-zone-now ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-name** **Description** Specify the name for the DNS zone, empty means sign all zones **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _674_dnskey: dnskey ^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **key-delete** **Description** Delete the DNSKEY file **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zone-name** **Description** DNS zone name of the child zone **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _674_template-list: template-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **algorithm** **Description** 'RSASHA1': RSASHA1 algorithm; 'RSASHA256': RSASHA256 algorithm; 'RSASHA512': RSASHA512 algorithm; **Type:** string **Supported Values:** RSASHA1, RSASHA256, RSASHA512 **combinations-limit** **Description** the max number of combinations per RRset (Default value is 31) **Type:** number **Range:** 1-65535 **dnskey-ttl-k** **Description** The TTL value of DNSKEY RR **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dnskey-ttl-v** **Description** in seconds, 14400 seconds by default **Type:** number **Range:** 1-864000 **Default:** 14400 **dnssec-temp-name** **Description** DNSSEC Template Name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dnssec-template-ksk** **Description:** dnssec-template-ksk is a **JSON Block**. Please see below for :ref:`674_template-list_dnssec-template-ksk` **Type:** Object **dnssec-template-zsk** **Description:** dnssec-template-zsk is a **JSON Block**. Please see below for :ref:`674_template-list_dnssec-template-zsk` **Type:** Object **enable-nsec3** **Description** enable NSEC3 support. disabled by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hsm** **Description** specify the HSM template **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/hsm/template ` **return-nsec-on-failure** **Description** return NSEC/NSEC3 or not on failure case. return by default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 1 **signature-validity-period-k** **Description** The period that a signature is valid **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **signature-validity-period-v** **Description** in days, 10 days by default **Type:** number **Range:** 5-30 **Default:** 10 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _674_template-list_dnssec-template-ksk: template-list_dnssec-template-ksk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ksk-keysize-k** **Description** Specify the number of bits in the DNSSEC KSK keys **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ksk-keysize-v** **Description** Default size is 2048 and must be an exact multiple of 64 **Type:** number **Range:** 1024-4096 **ksk-lifetime-k** **Description** Set the lifetime for DNSSEC KSK keys in days **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ksk-lifetime-v** **Description** Default value is 365 days **Type:** number **Range:** 2-3650 **ksk-rollover-time-k** **Description** Set the rollover time in days **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zsk-rollover-time-v** **Description** 7 days less than the lifetime by default **Type:** number **Range:** 1-3650 **Default:** 358 .. _674_template-list_dnssec-template-zsk: template-list_dnssec-template-zsk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **zsk-keysize-k** **Description** Specify the number of bits in the DNSSEC ZSK keys **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zsk-keysize-v** **Description** Default size is 2048 and must be an exact multiple of 64 **Type:** number **Range:** 1024-4096 **zsk-lifetime-k** **Description** Set the lifetime for DNSSEC ZSK keys in days **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zsk-lifetime-v** **Description** Default value is 90 days **Type:** number **Range:** 2-3650 **Default:** 90 **zsk-rollover-time-k** **Description** Set the rollover time in days **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zsk-rollover-time-v** **Description** 7 days less than the lifetime by default **Type:** number **Range:** 1-3650 **Default:** 83 .. _674_ds: ds ^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ds-delete** **Description** Delete the DS file **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **zone-name** **Description** DNS zone name of the child zone **Type:** string **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _674_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - ptr_memory - number - ptr_memory * - - total_memory - number - total_memory * - - reference_objects - number - reference_objects * - - mx_objects - number - mx_objects * - - ds_objects - number - ds_objects * - - nsec_objects - number - nsec_objects * - - array_memory - number - array_memory * - - nsec3param_objects - number - nsec3param_objects * - - srv_memory - number - srv_memory * - - reference_memory - number - reference_memory * - - srv_objects - number - srv_objects * - - table_memory - number - table_memory * - - a_objects - number - a_objects * - - ns_memory - number - ns_memory * - - aaaa_memory - number - aaaa_memory * - - zone_objects - number - zone_objects * - - table_objects - number - table_objects * - - mx_memory - number - mx_memory * - - soa_memory - number - soa_memory * - - domain_objects - number - domain_objects * - - nsec_memory - number - nsec_memory * - - nsec3_objects - number - nsec3_objects * - - a_memory - number - a_memory * - - array_objects - number - array_objects * - - total_objects - number - total_objects * - - soa_objects - number - soa_objects * - - ds_memory - number - ds_memory * - - cname_objects - number - cname_objects * - - domain_memory - number - domain_memory * - - nsec3param_memory - number - nsec3param_memory * - - txt_memory - number - txt_memory * - - dnskey_memory - number - dnskey_memory * - - ns_objects - number - ns_objects * - - ptr_objects - number - ptr_objects * - - aaaa_objects - number - aaaa_objects * - - cname_memory - number - cname_memory * - - txt_objects - number - txt_objects * - - rrsig_objects - number - rrsig_objects * - - rrsig2_memory - number - rrsig2_memory * - - nsec3_memory - number - nsec3_memory * - - zone_memory - number - zone_memory * - - rrsig2_objects - number - rrsig2_objects * - - rrsig_memory - number - rrsig_memory * - - dnskey_objects - number - dnskey_objects