Update domain to use NSEC3

This function configures the domain to use Next Secure Record 3 (NSEC3) semantics.

Important:

When you disable the DNS role, the system disables this function.

Authorizations:
query Parameters
domain
required
string <domain>

The domain on which to enable NSEC3 semantics.

Example: domain=example.com
nsec3_iterations
required
integer [ 1 .. 500 ]

The number of times that the system re-executes the first resource record hash operation.

Example: nsec3_iterations=7
nsec3_narrow
required
integer

Whether NSEC3 will operate in Narrow mode or Inclusive mode. In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.

  • 1 - Narrow mode. * 0 - Inclusive mode.
Enum: 0 1
Example: nsec3_narrow=1
nsec3_opt_out
required
integer

Whether the system will create records for all delegations.

  • 1 - Create records for all delegations.
  • 0 - Create records only for secure delegations.

Note:

Only select 1 if you must create records for all delegations.

Enum: 0 1
Example: nsec3_opt_out=0
nsec3_salt
required
string <hex>

The salt value that PowerDNS uses in the hashes. For more information about the salt value, read the RFC 5155 documentation.

Example: nsec3_salt=1A2B3C4D5E6F

Responses

Response Schema: application/json
apiversion
integer

The version of the API.

func
string

The name of the method called.

module
string

The name of the module called.

object

Request samples

uapi --output=jsonpretty \
  --user=username \
  DNSSEC \
  set_nsec3 \
  domain='example.com' \
  nsec3_opt_out='0' \
  nsec3_iterations='7' \
  nsec3_narrow='1' \
  nsec3_salt='1A2B3C4D5E6F'

Response samples

Content type
application/json
{
  • "apiversion": 3,
  • "func": "set_nsec3",
  • "module": "DNSSEC",
  • "result": {
    • "data": {
      • "enabled": {
        • "example1.com": 1
        }
      },
    • "errors": null,
    • "messages": null,
    • "metadata": { },
    • "status": 1,
    • "warnings": null
    }
}