{ "id":"/axapi/v3/dnssec", "type":"object", "node-type":"scalar", "title":"dnssec", "partition-visibility":"shared", "auto-created-object":1, "description":"Domain Name System Security Extensions commands", "properties":{ "standalone":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Run DNSSEC in standalone mode, in GSLB group mode by default", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "dnskey":{ "type":"object", "$ref":"/axapi/v3/dnssec/dnskey", "properties":{ "key-delete":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Delete the DNSKEY file" }, "zone-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"DNS zone name of the child zone" } } }, "ds":{ "type":"object", "$ref":"/axapi/v3/dnssec/ds", "properties":{ "ds-delete":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Delete the DS file" }, "zone-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"DNS zone name of the child zone" } } }, "sign-zone-now":{ "type":"object", "$ref":"/axapi/v3/dnssec/sign-zone-now", "properties":{ "zone-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify the name for the DNS zone, empty means sign all zones" } } }, "key-rollover":{ "type":"object", "$ref":"/axapi/v3/dnssec/key-rollover", "properties":{ "zone-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify the name for the DNS zone" }, "dnssec-key-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ZSK': Zone Signing Key; 'KSK': Key Signing Key; ", "enum":[ "ZSK", "KSK" ] }, "zsk-start":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"start ZSK rollover in emergency mode" }, "ksk-start":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"start KSK rollover in emergency mode" }, "ds-ready-in-parent-zone":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"DS RR is already ready in the parent zone" } } }, "template-list":{ "type":"array", "minItems":1, "items":{ "type":"template" }, "uniqueItems":true, "$ref":"/axapi/v3/dnssec/template/{dnssec-temp-name}", "array":[ { "properties":{ "dnssec-temp-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNSSEC Template Name", "optional":false }, "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'RSASHA1': RSASHA1 algorithm; 'RSASHA256': RSASHA256 algorithm; 'RSASHA512': RSASHA512 algorithm; ", "enum":[ "RSASHA1", "RSASHA256", "RSASHA512" ], "optional":true }, "combinations-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"the max number of combinations per RRset (Default value is 31)", "optional":true }, "dnskey-ttl-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The TTL value of DNSKEY RR", "optional":true }, "dnskey-ttl-v":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "default":14400, "partition-visibility":"shared", "description":"in seconds, 14400 seconds by default", "optional":true }, "enable-nsec3":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"enable NSEC3 support. disabled by default", "optional":true }, "return-nsec-on-failure":{ "type":"number", "format":"flag", "default":1, "partition-visibility":"shared", "description":"return NSEC/NSEC3 or not on failure case. return by default", "optional":true }, "signature-validity-period-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The period that a signature is valid", "optional":true }, "signature-validity-period-v":{ "type":"number", "format":"number", "minimum":5, "maximum":30, "default":10, "partition-visibility":"shared", "description":"in days, 10 days by default", "optional":true }, "hsm":{ "type":"string", "format":"string", "plat-neg-list":["tps"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/hsm/template", "description":"specify the HSM template", "optional":true }, "dnssec-template-zsk":{ "type":"object", "properties":{ "zsk-keysize-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify the number of bits in the DNSSEC ZSK keys" }, "zsk-keysize-v":{ "type":"number", "format":"number", "minimum":1024, "maximum":4096, "partition-visibility":"shared", "description":"Default size is 2048 and must be an exact multiple of 64" }, "zsk-lifetime-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set the lifetime for DNSSEC ZSK keys in days" }, "zsk-lifetime-v":{ "type":"number", "format":"number", "minimum":2, "maximum":3650, "default":90, "partition-visibility":"shared", "description":"Default value is 90 days" }, "zsk-rollover-time-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set the rollover time in days" }, "zsk-rollover-time-v":{ "type":"number", "format":"number", "minimum":1, "maximum":3650, "default":83, "partition-visibility":"shared", "description":"7 days less than the lifetime by default" } } }, "dnssec-template-ksk":{ "type":"object", "properties":{ "ksk-keysize-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify the number of bits in the DNSSEC KSK keys" }, "ksk-keysize-v":{ "type":"number", "format":"number", "minimum":1024, "maximum":4096, "partition-visibility":"shared", "description":"Default size is 2048 and must be an exact multiple of 64" }, "ksk-lifetime-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set the lifetime for DNSSEC KSK keys in days" }, "ksk-lifetime-v":{ "type":"number", "format":"number", "minimum":2, "maximum":3650, "partition-visibility":"shared", "description":"Default value is 365 days" }, "ksk-rollover-time-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Set the rollover time in days" }, "zsk-rollover-time-v":{ "type":"number", "format":"number", "minimum":1, "maximum":3650, "default":358, "partition-visibility":"shared", "description":"7 days less than the lifetime by default" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dnssec-temp-name" ] } ] } } }