Create DNSSEC security key

This function generates a DNSSEC zone key for a domain.

Note:

  • After you enable DNSSEC on the domain, you must add the DS records to your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.

Important:

When you disable the DNS role, the system disables this function.

Authorizations:
Query parameters
algo_num
required
integer

The algorithm that the system uses to generate the security key.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSASHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 10 — RSA/SHA-512
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use 'ECDSA Curve P-256 with SHA-256' if your registrar supports it.

Enum: 5 6 7 8 10 13 14
Example: algo_num=8
domain
required
string <domain>

The domain on which to enable DNSSEC.

Example: domain=example.com
key_type
required
string

The type of key to add.

  • ksk
  • zsk
Enum: "ksk" "zsk"
Example: key_type=ksk
active
integer
Default: 1

Whether to activate the newly-created key.

  • 1 — Activate the key.
  • 0 — Do not activate the key.
Enum: 0 1
Example: active=1
key_size
integer [ 256 .. 2048 ]

The key's size, in bits.

Note:

For the following algo_num and key_type parameters, the key_size defaults to the following values:

  • 5 — ksk 2048 zsk 1024
  • 6 — ksk 2048 zsk 1024
  • 7 — ksk 2048 zsk 1024
  • 8 — ksk 2048 zsk 1024
  • 10 — ksk 2048 zsk 1024
  • 13 — ksk 256 zsk 256
  • 14 — ksk 384 zsk 384
Example: key_size=2048

Responses

Response Schema: application/json
apiversion
integer

The version of the API.

func
string

The name of the method called.

module
string

The name of the module called.

object

Request samples

uapi --output=jsonpretty \
  --user=username \
  DNSSEC \
  add_zone_key \
  domain='example.com' \
  algo_num='8' \
  key_type='ksk'

Response samples

Content type
application/json
{
  "apiversion": 3,
  "func": "add_zone_key",
  "module": "DNSSEC",
  "result": {
    "data": {
      "domain": "example.com",
      "error": "Error: Invalid key_id or domain specified: No such key present for domain.",
      "new_key_id": "1",
      "success": 1
    },
    "errors": null,
    "messages": null,
    "metadata": {},
    "status": 1,
    "warnings": null
  }
}
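A pre-flight wrapper for the call documented above, added here as an example and not taken from cPanel's code: it checks the arguments against the documented enums and key-size defaults, builds the uapi command, and reads new_key_id from the response. The names build_add_zone_key, new_key_id and allow_sha1 are hypothetical, and both the refusal of SHA-1 based algorithms and the success test are assumptions marked in the comments; the default of algorithm 13 follows the recommendation on this page.

```python
import json

# Values copied from the parameter tables on this page.
ALGOS = {5: "RSA/SHA-1", 6: "DSA-NSEC3-SHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSA/SHA-256",
         10: "RSA/SHA-512", 13: "ECDSA P-256/SHA-256", 14: "ECDSA P-384/SHA-384"}
DEFAULT_SIZE = {a: {"ksk": 2048, "zsk": 1024} for a in (5, 6, 7, 8, 10)}
DEFAULT_SIZE.update({13: {"ksk": 256, "zsk": 256}, 14: {"ksk": 384, "zsk": 384}})
SHA1_ALGOS = {5, 6, 7}  # assumption: local policy refuses the SHA-1 based algorithms

# Constructed sample, shaped like the response sample on this page.
SAMPLE_RESPONSE = json.dumps({
    "apiversion": 3, "func": "add_zone_key", "module": "DNSSEC",
    "result": {"data": {"domain": "example.com", "new_key_id": "1", "success": 1},
               "errors": None, "messages": None, "metadata": {}, "status": 1,
               "warnings": None}})


def build_add_zone_key(user, domain, algo_num=13, key_type="ksk", active=1,
                       key_size=None, allow_sha1=False):
    """Check arguments against the documented enums; return the uapi argv list."""
    if algo_num not in ALGOS:
        raise ValueError(f"algo_num must be one of {sorted(ALGOS)}")
    if algo_num in SHA1_ALGOS and not allow_sha1:
        raise ValueError(f"{ALGOS[algo_num]} relies on SHA-1; set allow_sha1=True to override")
    if key_type not in ("ksk", "zsk") or active not in (0, 1):
        raise ValueError("key_type must be ksk or zsk, and active must be 0 or 1")
    if key_size is None:
        key_size = DEFAULT_SIZE[algo_num][key_type]  # documented per-algorithm default
    if not 256 <= key_size <= 2048:
        raise ValueError("key_size must be within the documented range 256..2048")
    # An argv list (no shell string), so the domain value is never shell-parsed.
    return ["uapi", "--output=jsonpretty", f"--user={user}", "DNSSEC", "add_zone_key",
            f"domain={domain}", f"algo_num={algo_num}", f"key_type={key_type}",
            f"active={active}", f"key_size={key_size}"]


def new_key_id(response_text):
    """Return data.new_key_id, or raise when the result does not report success."""
    result = json.loads(response_text).get("result") or {}
    data = result.get("data") or {}
    # Assumption: success means status == 1, errors is null and data.success == 1.
    if result.get("status") != 1 or result.get("errors") or data.get("success") != 1:
        raise RuntimeError(f"add_zone_key failed: {result.get('errors')}")
    return data["new_key_id"]
```

On the server, run the returned list with `subprocess.run(argv, capture_output=True, text=True)` and pass its `stdout` to `new_key_id`.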