Enable DNSSEC on domain

This function enables DNSSEC on the domain.

Note:

Only servers that run PowerDNS can use DNSSEC. If you call this function on a server that doesn't use PowerDNS, you will receive an error.
After you enable DNSSEC on the domain, you must add the Delegation of Signing (DS) records on your DNS server and with your registrar.
You cannot modify the DNSSEC security key. To make any changes, you must disable, delete, and re-create the DNSSEC security key.

SecurityBasicAuth

Request

query Parameters

domain required	string <domain> The domain for which to enable DNSSEC. Note: To enable DNSSEC on multiple domains, duplicate or increment the parameter name. For example, to check three domains, you could: Use the `domain` parameter multiple times. Use the `domain`, `domain-1`, and `domain-2` parameters. Examples: Multiple domains domain=domain=example.com&domain-1=example1.com&domain-2=example2.com Multiple domains domain=domain=example.com&domain=example1.com&domain=example2.com A single domain. domain=example.com
active	integer Default: 1 Whether to activate the newly-created key. `1` - Activate the key. `0` - Do not activate the key. Enum: 0 1 Example: active=1
algo_num	integer Default: 8 The algorithm that the system uses to generate the security key. `5` - RSA/SHA-1 `6` - DSA-NSEC3-SHA1 `7` - RSASHA1-NSEC3-SHA1 `8` - RSA/SHA-256 `10` - RSA/SHA-512 `13` - ECDSA Curve P-256 with SHA-256 `14` - ECDSA Curve P-384 with SHA-384 Note: We recommend that you use an ECDSA Curve P-256 with SHA-256 (13) value if your registrar supports it. Enum: 5 6 7 8 10 13 14 Example: algo_num=8
key_setup	string Default: "classic" The manner in which the system creates the security key. `classic` - Use separate keys for KSK and ZSK. Use this value when the `algo_num` parameter is equal to or less than 8. `simple` - Use a single key for both KSK and ZSK. Use this value when the `algo_num` parameter is greater than 8. Enum: "classic" "simple" Example: key_setup=classic
nsec3_iterations	integer [ 1 .. 500 ] Default: 7 The number of times that the system rehashes the first resource record hash operation. Example: nsec3_iterations=7
nsec3_narrow	integer Default: 1 Whether NSEC3 operates in Narrow or Inclusive mode. Note: For information about these modes, read PowerDNS's DNSSEC documentation. `1` - Narrow mode. `0` - Inclusive mode. Enum: 0 1 Example: nsec3_narrow=1
nsec3_opt_out	integer Default: 0 Whether the system will create records for all delegations. `1` - Create records for all delegations. `0` - Create records only for secure delegations. Note: Only use the `1` value if you must create records for all delegations. Enum: 0 1 Example: nsec3_opt_out=1
nsec3_salt	string A hexadecimal string that the system appends to the domain name before it applies the hash function to the name. Note: For information about salt values, read RFC 5155. Example: nsec3_salt=1a2b3c4d5e6f
use_nsec3	integer Default: 1 Whether the domain will use Next Secure Record (NSEC) or NSEC3 semantics. `1` - Use NSEC3 semantics. `0` - Use NSEC semantics. Note: If you use this value, the system ignores the other NSEC3 options. Enum: 0 1 Example: use_nsec3=1

Responses

200

HTTP Request was successful.

Response Schema: application/json

	object
	object

get/enable_dnssec_for_domains

Request samples

whmapi1 --output=jsonpretty \
  enable_dnssec_for_domains \
  domain='example.com'

Response samples

application/json

{"data": {"domains": [{"domain": "example.com",
"enabled": 1,
"new_key_id": "2",
"nsec_error": "Error message.",
"nsec_version": "NSEC3"
}
]
},
"metadata": {"command": "enable_dnssec_for_domains",
"reason": "OK",
"result": 1,
"version": 1
}
}