This function configures the domain to use Next Secure Record 3 (NSEC3) semantics.
Important:
When you disable the DNS role, the system disables this function.
| domain required | string <domain> The domain on which to enable NSEC3 semantics. Example: domain=example.com |
| nsec3_iterations required | integer [ 1 .. 500 ] The number of times that the system re-executes the first resource record hash operation. Example: nsec3_iterations=7 |
| nsec3_narrow required | integer Whether NSEC3 will operate in Narrow mode or Inclusive mode. In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.
Example: nsec3_narrow=1 |
| nsec3_opt_out required | integer Whether the system will create records for all delegations.
Note: Only select Example: nsec3_opt_out=0 |
| nsec3_salt required | string <hex> The salt value that PowerDNS uses in the hashes. For more information about the salt value, read the RFC 5155 documentation. Example: nsec3_salt=1A2B3C4D5E6F |
uapi --output=jsonpretty \ --user=username \ DNSSEC \ set_nsec3 \ domain='example.com' \ nsec3_opt_out='0' \ nsec3_iterations='7' \ nsec3_narrow='1' \ nsec3_salt='1A2B3C4D5E6F'
{- "apiversion": 3,
- "func": "set_nsec3",
- "module": "DNSSEC",
- "result": {
- "data": {
- "enabled": {
- "example1.com": 1
}
}, - "errors": null,
- "messages": null,
- "metadata": { },
- "status": 1,
- "warnings": null
}
}