This function enables DNSSEC on the domain.
Note:
Important:
When you disable the DNS role, the system disables this function.
domain required | string <domain> The domain on which to enable DNSSEC. Note: To enable DNSSEC on multiple domains, increment the parameter name. For example: domain=domain-0=example0.com&domain-1=example1.com&domain-2=example2.com domain=example.com |
active | integer Default: 1 Whether to activate the newly-created key.
Example: active=1 |
algo_num | integer [ 0 .. 255 ] Default: 8 The algorithm that the system uses to generate the security key.
Note: We recommend that you use Example: algo_num=8 |
key_setup | string Default: "classic" The manner in which the system creates the security key.
Example: key_setup=classic |
nsec3_iterations | integer [ 1 .. 500 ] Default: 7 The number of times that the system rehashes the first resource record hash operation. A positive integer less than Example: nsec3_iterations=7 |
nsec3_narrow | integer Default: 1 Whether NSEC3 will operate in Narrow or Inclusive mode. In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus
Example: nsec3_narrow=1 |
nsec3_opt_out | integer Default: 0 Whether the system will create records for all delegations.
Note: Only select Example: nsec3_opt_out=0 |
nsec3_salt | string <hex> <= 255 characters A hexadecimal string that the system appends to the domain name before it applies the hash function to the name. For more information about the salt value, read the RFC 5155 documentation. If you do not declare a value, the system defaults to a random 64-bit value. Example: nsec3_salt=1A2B3C4D5E6F |
use_nsec3 | integer Default: 1 Whether the domain will use Next Secure Record (NSEC) or NSEC3 semantics.
Note: If you use NSEC semantics ( Example: use_nsec3=1 |
uapi --output=jsonpretty \ --user=username \ DNSSEC \ enable_dnssec \ domain='example.com'
{- "apiversion": 3,
- "func": "enable_dnssec",
- "module": "DNSSEC",
- "result": {
- "data": {
- "enabled": {
- "example.com": {
- "enabled": 1,
- "new_key_id": "1",
- "nsec_version": "NSEC3"
}
}
}, - "errors": null,
- "messages": null,
- "metadata": { },
- "status": 1,
- "warnings": null
}
}