dnssec¶
Domain Name System Security Extensions commands
dnssec Specification¶
Parameter Value Type Configuration Resource Element Name dnssec Element URI /axapi/v3/dnssec Element Attributes dnssec_attributes Partition Visibility shared Operational Data URI /axapi/v3/dnssec/oper Schema dnssec schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
| Create Object | POST | /axapi/v3/dnssec | ||
| Get Object | GET | /axapi/v3/dnssec | ||
| Modify Object | POST | /axapi/v3/dnssec | ||
| Replace Object | PUT | /axapi/v3/dnssec | ||
| Delete Object | DELETE | /axapi/v3/dnssec | ||
dnssec attributes¶
dnskey
Description: dnskey is a JSON Block. Please see below for dnskey
Type: Object
Reference Object: /axapi/v3/dnssec/dnskey
ds
Description: ds is a JSON Block. Please see below for ds
Type: Object
Reference Object: /axapi/v3/dnssec/ds
key-rollover
Description: key-rollover is a JSON Block. Please see below for key-rollover
Type: Object
Reference Object: /axapi/v3/dnssec/key-rollover
sign-zone-now
Description: sign-zone-now is a JSON Block. Please see below for sign-zone-now
Type: Object
Reference Object: /axapi/v3/dnssec/sign-zone-now
standalone
Description Run DNSSEC in standalone mode, in GSLB group mode by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template-list
Type: List
Reference Object: /axapi/v3/dnssec/template/{dnssec-temp-name}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
key-rollover¶
Specification Value Type object dnssec-key-type
Description ‘ZSK’: Zone Signing Key; ‘KSK’: Key Signing Key;
Type: string
Supported Values: ZSK, KSK
ds-ready-in-parent-zone
Description DS RR is already ready in the parent zone
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ksk-start
Description start KSK rollover in emergency mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-name
Description Specify the name for the DNS zone
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
zsk-start
Description start ZSK rollover in emergency mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sign-zone-now¶
Specification Value Type object zone-name
Description Specify the name for the DNS zone, empty means sign all zones
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
dnskey¶
Specification Value Type object key-delete
Description Delete the DNSKEY file
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-name
Description DNS zone name of the child zone
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters
template-list¶
Specification Value Type list Block object keys algorithm
Description ‘RSASHA1’: RSASHA1 algorithm; ‘RSASHA256’: RSASHA256 algorithm; ‘RSASHA512’: RSASHA512 algorithm;
Type: string
Supported Values: RSASHA1, RSASHA256, RSASHA512
combinations-limit
Description the max number of combinations per RRset (Default value is 31)
Type: number
Range: 1-65535
dnskey-ttl-k
Description The TTL value of DNSKEY RR
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dnskey-ttl-v
Description in seconds, 14400 seconds by default
Type: number
Range: 1-864000
Default: 14400
dnssec-temp-name
Description DNSSEC Template Name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
dnssec-template-ksk
Description: dnssec-template-ksk is a JSON Block. Please see below for template-list_dnssec-template-ksk
Type: Object
dnssec-template-zsk
Description: dnssec-template-zsk is a JSON Block. Please see below for template-list_dnssec-template-zsk
Type: Object
enable-nsec3
Description enable NSEC3 support. disabled by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hsm
Description specify the HSM template
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/hsm/template
return-nsec-on-failure
Description return NSEC/NSEC3 or not on failure case. return by default
Type: boolean
Supported Values: true, false, 1, 0
Default: 1
signature-validity-period-k
Description The period that a signature is valid
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
signature-validity-period-v
Description in days, 10 days by default
Type: number
Range: 5-30
Default: 10
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template-list_dnssec-template-ksk¶
Specification Value Type object ksk-keysize-k
Description Specify the number of bits in the DNSSEC KSK keys
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ksk-keysize-v
Description Default size is 2048 and must be an exact multiple of 64
Type: number
Range: 1024-4096
ksk-lifetime-k
Description Set the lifetime for DNSSEC KSK keys in days
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ksk-lifetime-v
Description Default value is 365 days
Type: number
Range: 2-3650
ksk-rollover-time-k
Description Set the rollover time in days
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zsk-rollover-time-v
Description 7 days less than the lifetime by default
Type: number
Range: 1-3650
Default: 358
template-list_dnssec-template-zsk¶
Specification Value Type object zsk-keysize-k
Description Specify the number of bits in the DNSSEC ZSK keys
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zsk-keysize-v
Description Default size is 2048 and must be an exact multiple of 64
Type: number
Range: 1024-4096
zsk-lifetime-k
Description Set the lifetime for DNSSEC ZSK keys in days
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zsk-lifetime-v
Description Default value is 90 days
Type: number
Range: 2-3650
Default: 90
zsk-rollover-time-k
Description Set the rollover time in days
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zsk-rollover-time-v
Description 7 days less than the lifetime by default
Type: number
Range: 1-3650
Default: 83
ds¶
Specification Value Type object ds-delete
Description Delete the DS file
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-name
Description DNS zone name of the child zone
Type: string
Maximum Length: 127 characters
Maximum Length: 1 characters