.. _dnssec:

dnssec
======

Domain Name System Security Extensions commands


dnssec Specification
--------------------

	===================================== ===============================================
	 **Parameter**                         **Value** 

	===================================== ===============================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      dnssec

	 **Element URI**                       /axapi/v3/dnssec

	 **Element Attributes**                dnssec_attributes

	 **Partition Visibility**              shared

	 **Operational Data URI**              /axapi/v3/dnssec/oper

	 **Schema**                             :download:`dnssec schema <dnssec/dnssec.txt>`
	===================================== ===============================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/dnssec



.. raw:: html

   </td><td valign = 'top'>


:ref:`1438_dnssec_attributes`



.. raw:: html

   </td><td><button id='post_eg' onClick="showExample('post')">example</button> <button id='post_cl' onClick="closeExample('post')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='post_div' style='display:none'>


.. include:: ../artifacts/dnssec_POST.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/dnssec



.. raw:: html

   </td><td valign = 'top'>


:ref:`1438_dnssec_attributes`



.. raw:: html

   </td><td><button id='get_eg' onClick="showExample('get')">example</button> <button id='get_cl' onClick="closeExample('get')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='get_div' style='display:none'>


.. include:: ../artifacts/dnssec_GET.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/dnssec



.. raw:: html

   </td><td valign = 'top'>


:ref:`1438_dnssec_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Replace Object



.. raw:: html

   </td><td valign = 'top'>


PUT



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/dnssec



.. raw:: html

   </td><td valign = 'top'>


:ref:`1438_dnssec_attributes`



.. raw:: html

   </td><td><button id='put_eg' onClick="showExample('put')">example</button> <button id='put_cl' onClick="closeExample('put')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='put_div' style='display:none'>


.. include:: ../artifacts/dnssec_PUT.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/dnssec



.. raw:: html

   </td><td valign = 'top'>


:ref:`1438_dnssec_attributes`



.. raw:: html

   </td><td><button id='delete_eg' onClick="showExample('delete')">example</button> <button id='delete_cl' onClick="closeExample('delete')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='delete_div' style='display:none'>


.. include:: ../artifacts/dnssec_DELETE.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   </table>

.. _1438_dnssec_attributes:

dnssec attributes
-----------------

    **dnskey**

        **Description:** dnskey is a **JSON Block**.  Please see below for :ref:`1438_dnskey` 

        **Type:** Object

        **Reference Object:** :doc:`/axapi/v3/dnssec/dnskey <dnssec_dnskey>`

    **ds**

        **Description:** ds is a **JSON Block**.  Please see below for :ref:`1438_ds` 

        **Type:** Object

        **Reference Object:** :doc:`/axapi/v3/dnssec/ds <dnssec_ds>`

    **key-rollover**

        **Description:** key-rollover is a **JSON Block**.  Please see below for :ref:`1438_key-rollover` 

        **Type:** Object

        **Reference Object:** :doc:`/axapi/v3/dnssec/key-rollover <dnssec_key_rollover>`

    **sign-zone-now**

        **Description:** sign-zone-now is a **JSON Block**.  Please see below for :ref:`1438_sign-zone-now` 

        **Type:** Object

        **Reference Object:** :doc:`/axapi/v3/dnssec/sign-zone-now <dnssec_sign_zone_now>`

    **standalone**

        **Description** Run DNSSEC in standalone mode, in GSLB group mode by default

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **template-list**

        **Type:** List

        **Reference Object:** :doc:`/axapi/v3/dnssec/template/{dnssec-temp-name} <dnssec_template>`

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _1438_key-rollover:

key-rollover
^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **dnssec-key-type**

        **Description** 'ZSK': Zone Signing Key; 'KSK': Key Signing Key; 

        **Type:** string

        **Supported Values:** ZSK, KSK

    **ds-ready-in-parent-zone**

        **Description** DS RR is already ready in the parent zone

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **ksk-start**

        **Description** start KSK rollover in emergency mode

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zone-name**

        **Description** Specify the name for the DNS zone

        **Type:** string

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **zsk-start**

        **Description** start ZSK rollover in emergency mode

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

.. _1438_sign-zone-now:

sign-zone-now
^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **zone-name**

        **Description** Specify the name for the DNS zone, empty means sign all zones

        **Type:** string

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

.. _1438_dnskey:

dnskey
^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **key-delete**

        **Description** Delete the DNSKEY file

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zone-name**

        **Description** DNS zone name of the child zone

        **Type:** string

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

.. _1438_template-list:

template-list
^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *list*

	 **Block object keys**             

	=============================== ===================================================

    **algorithm**

        **Description** 'RSASHA1': RSASHA1 algorithm; 'RSASHA256': RSASHA256 algorithm; 'RSASHA512': RSASHA512 algorithm; 

        **Type:** string

        **Supported Values:** RSASHA1, RSASHA256, RSASHA512

    **combinations-limit**

        **Description** the max number of combinations per RRset (Default value is 31)

        **Type:** number

        **Range:** 1-65535

    **dnskey-ttl-k**

        **Description** The TTL value of DNSKEY RR

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **dnskey-ttl-v**

        **Description** in seconds, 14400 seconds by default

        **Type:** number

        **Range:** 1-864000

        **Default:** 14400

    **dnssec-temp-name**

        **Description** DNSSEC Template Name

        **Type:** string

        **Maximum Length:** 63 characters

        **Maximum Length:** 1 characters

    **dnssec-template-ksk**

        **Description:** dnssec-template-ksk is a **JSON Block**.  Please see below for :ref:`1438_template-list_dnssec-template-ksk` 

        **Type:** Object

    **dnssec-template-zsk**

        **Description:** dnssec-template-zsk is a **JSON Block**.  Please see below for :ref:`1438_template-list_dnssec-template-zsk` 

        **Type:** Object

    **enable-nsec3**

        **Description** enable NSEC3 support. disabled by default

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **hsm**

        **Description** specify the HSM template

        **Type:** string

        **Maximum Length:** 63 characters

        **Maximum Length:** 1 characters

        **Reference Object:** :doc:`/axapi/v3/hsm/template <hsm_template>`

    **return-nsec-on-failure**

        **Description** return NSEC/NSEC3 or not on failure case. return by default

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 1

    **signature-validity-period-k**

        **Description** The period that a signature is valid

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **signature-validity-period-v**

        **Description** in days, 10 days by default

        **Type:** number

        **Range:** 5-30

        **Default:** 10

    **user-tag**

        **Description** Customized tag

        **Type:** string

        **Format:** string-rlx

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _1438_template-list_dnssec-template-ksk:

template-list_dnssec-template-ksk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **ksk-keysize-k**

        **Description** Specify the number of bits in the DNSSEC KSK keys

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **ksk-keysize-v**

        **Description** Default size is 2048 and must be an exact multiple of 64

        **Type:** number

        **Range:** 1024-4096

    **ksk-lifetime-k**

        **Description** Set the lifetime for DNSSEC KSK keys in days

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **ksk-lifetime-v**

        **Description** Default value is 365 days

        **Type:** number

        **Range:** 2-3650

    **ksk-rollover-time-k**

        **Description** Set the rollover time in days

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zsk-rollover-time-v**

        **Description** 7 days less than the lifetime by default

        **Type:** number

        **Range:** 1-3650

        **Default:** 358

.. _1438_template-list_dnssec-template-zsk:

template-list_dnssec-template-zsk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **zsk-keysize-k**

        **Description** Specify the number of bits in the DNSSEC ZSK keys

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zsk-keysize-v**

        **Description** Default size is 2048 and must be an exact multiple of 64

        **Type:** number

        **Range:** 1024-4096

    **zsk-lifetime-k**

        **Description** Set the lifetime for DNSSEC ZSK keys in days

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zsk-lifetime-v**

        **Description** Default value is 90 days

        **Type:** number

        **Range:** 2-3650

        **Default:** 90

    **zsk-rollover-time-k**

        **Description** Set the rollover time in days

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zsk-rollover-time-v**

        **Description** 7 days less than the lifetime by default

        **Type:** number

        **Range:** 1-3650

        **Default:** 83

.. _1438_ds:

ds
^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **ds-delete**

        **Description** Delete the DS file

        **Type:** boolean

        **Supported Values:** true, false, 1, 0

        **Default:** 0

    **zone-name**

        **Description** DNS zone name of the child zone

        **Type:** string

        **Maximum Length:** 127 characters

        **Maximum Length:** 1 characters