Create domain's DNSSEC zone key

This function generates a DNSSEC zone key for a domain.

Note:

  • Only servers that run PowerDNS can use DNSSEC. If you call this function on a server that doesn't use PowerDNS, you will receive an error.
  • After you enable DNSSEC on the domain, you must add the Delegation of Signing (DS) records to your zone record and your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable, delete, and re-create the DNSSEC security key.
Authorizations:
query Parameters
algo_num
required
integer

The algorithm that the system uses to generate the security key.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSA SHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use a 13 (ECDSA Curve P-256 with SHA-256) value if your registrar supports it.

Enum: 5 6 7 8 13 14
Example: algo_num=13
domain
required
string

The domain for which to enable DNSSEC.

Example: domain=example.com
key_type
required
string

The type of security key to add.

  • ksk — Key Signing Key.
  • zsk — Zone Signing Key.

Note:

You must call these values in lowercase.

Example: key_type=ksk
active
integer
Default: 1

Whether to activate the new security key.

  • 1 — Activate.
  • 0 — Do not activate.
Enum: 0 1
Example: active=1
key_size
integer

The security key size, in bits.

Note:

This parameter defaults to the following values, depending on the algo_num and key_type values:

  • algo_num = 5
    • ksk = 2048
    • zsk = 1024
  • algo_num = 6
    • ksk = 2048
    • zsk = 1024
  • algo_num = 7
    • ksk = 2048
    • zsk = 1024
  • algo_num = 8
    • ksk = 2048
    • zsk = 1024
  • algo_num = 13
    • ksk and zsk = 256
  • algo_num = 14
    • ksk and zsk = 384
Enum: 256 384 1024 2048
Example: key_size=256

Responses

Response Schema: application/json
object
object

Request samples

whmapi1 --output=jsonpretty \
  add_zone_key \
  domain='example.com' \
  algo_num='13' \
  key_type='ksk'

Response samples

Content type
application/json
{
  • "data": {
    • "new_key_id": "1"
    },
  • "metadata": {
    • "command": "add_zone_key",
    • "reason": "OK",
    • "result": 1,
    • "version": 1
    }
}