dnssec¶

Domain Name System Security Extensions commands

dnssec Specification¶

Type Configuration Resource

Element Name dnssec

Element URI /axapi/v3/dnssec

Element Attributes dnssec_attributes

Operational Data URI /axapi/v3/dnssec/oper

Schema dnssec schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/dnssec	dnssec attributes
Get Object	GET	/axapi/v3/dnssec	dnssec attributes
Modify Object	POST	/axapi/v3/dnssec	dnssec attributes
Replace Object	PUT	/axapi/v3/dnssec	dnssec attributes
Delete Object	DELETE	/axapi/v3/dnssec	dnssec attributes

dnssec attributes¶

dnskey

Description: dnskey is a JSON Block. Please see below for dnskey

Type: Object

Reference Object: /axapi/v3/dnssec/dnskey

ds

Description: ds is a JSON Block. Please see below for ds

Type: Object

Reference Object: /axapi/v3/dnssec/ds

key-rollover

Description: key-rollover is a JSON Block. Please see below for key-rollover

Type: Object

Reference Object: /axapi/v3/dnssec/key-rollover

sign-zone-now

Description: sign-zone-now is a JSON Block. Please see below for sign-zone-now

Type: Object

Reference Object: /axapi/v3/dnssec/sign-zone-now

standalone

Description Run DNSSEC in standalone mode, in GSLB group mode by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template-list

Type: List

Reference Object: /axapi/v3/dnssec/template/{dnssec-temp-name}

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

key-rollover¶

Specification

Type object

dnssec-key-type

Description ‘ZSK’: Zone Signing Key; ‘KSK’: Key Signing Key;

Type: string

Supported Values: ZSK, KSK

ds-ready-in-parent-zone

Description DS RR is already ready in the parent zone

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-start

Description start KSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description Specify the name for the DNS zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

zsk-start

Description start ZSK rollover in emergency mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sign-zone-now¶

Specification

Type object

zone-name

Description Specify the name for the DNS zone, empty means sign all zones

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

dnskey¶

Specification

Type object

key-delete

Description Delete the DNSKEY file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description DNS zone name of the child zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

template-list¶

Specification

Type list

Block object keys

algorithm

Description ‘RSASHA1’: RSASHA1 algorithm; ‘RSASHA256’: RSASHA256 algorithm; ‘RSASHA512’: RSASHA512 algorithm;

Type: string

Supported Values: RSASHA1, RSASHA256, RSASHA512

combinations-limit

Description the max number of combinations per RRset (Default value is 31)

Type: number

Range: 1-65535

dnskey-ttl-k

Description The TTL value of DNSKEY RR

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dnskey-ttl-v

Description in seconds, 14400 seconds by default

Type: number

Range: 1-864000

Default: 14400

dnssec-temp-name

Description DNSSEC Template Name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

dnssec-template-ksk

Description: dnssec-template-ksk is a JSON Block. Please see below for template-list_dnssec-template-ksk

Type: Object

dnssec-template-zsk

Description: dnssec-template-zsk is a JSON Block. Please see below for template-list_dnssec-template-zsk

Type: Object

enable-nsec3

Description enable NSEC3 support. disabled by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hsm

Description specify the HSM template

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/hsm/template

return-nsec-on-failure

Description return NSEC/NSEC3 or not on failure case. return by default

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

signature-validity-period-k

Description The period that a signature is valid

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

signature-validity-period-v

Description in days, 10 days by default

Type: number

Range: 5-30

Default: 10

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template-list_dnssec-template-ksk¶

Specification

Type object

ksk-keysize-k

Description Specify the number of bits in the DNSSEC KSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-keysize-v

Description Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

ksk-lifetime-k

Description Set the lifetime for DNSSEC KSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ksk-lifetime-v

Description Default value is 365 days

Type: number

Range: 2-3650

ksk-rollover-time-k

Description Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 358

template-list_dnssec-template-zsk¶

Specification

Type object

zsk-keysize-k

Description Specify the number of bits in the DNSSEC ZSK keys

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-keysize-v

Description Default size is 2048 and must be an exact multiple of 64

Type: number

Range: 1024-4096

zsk-lifetime-k

Description Set the lifetime for DNSSEC ZSK keys in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-lifetime-v

Description Default value is 90 days

Type: number

Range: 2-3650

Default: 90

zsk-rollover-time-k

Description Set the rollover time in days

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zsk-rollover-time-v

Description 7 days less than the lifetime by default

Type: number

Range: 1-3650

Default: 83

ds¶

Specification

Type object

ds-delete

Description Delete the DS file

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-name

Description DNS zone name of the child zone

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

operational data¶

Counter	Size	Description

ptr_memory	number	ptr_memory
total_memory	number	total_memory
reference_objects	number	reference_objects
mx_objects	number	mx_objects
ds_objects	number	ds_objects
nsec_objects	number	nsec_objects
array_memory	number	array_memory
nsec3param_objects	number	nsec3param_objects
srv_memory	number	srv_memory
reference_memory	number	reference_memory
srv_objects	number	srv_objects
table_memory	number	table_memory
a_objects	number	a_objects
ns_memory	number	ns_memory
aaaa_memory	number	aaaa_memory
zone_objects	number	zone_objects
table_objects	number	table_objects
mx_memory	number	mx_memory
soa_memory	number	soa_memory
domain_objects	number	domain_objects
nsec_memory	number	nsec_memory
nsec3_objects	number	nsec3_objects
a_memory	number	a_memory
array_objects	number	array_objects
total_objects	number	total_objects
soa_objects	number	soa_objects
ds_memory	number	ds_memory
cname_objects	number	cname_objects
domain_memory	number	domain_memory
nsec3param_memory	number	nsec3param_memory
txt_memory	number	txt_memory
dnskey_memory	number	dnskey_memory
ns_objects	number	ns_objects
ptr_objects	number	ptr_objects
aaaa_objects	number	aaaa_objects
cname_memory	number	cname_memory
txt_objects	number	txt_objects
rrsig_objects	number	rrsig_objects
rrsig2_memory	number	rrsig2_memory
nsec3_memory	number	nsec3_memory
zone_memory	number	zone_memory
rrsig2_objects	number	rrsig2_objects
rrsig_memory	number	rrsig_memory
dnskey_objects	number	dnskey_objects