Enable NSEC3 semantics for domain

This function configures the domain to use Next Secure Record 3 (NSEC3) semantics.

Note:

Only servers that run PowerDNS can use DNSSEC. If you call this function on a server that doesn't use PowerDNS, you will receive an error.

Authorizations:
query Parameters
domain
required
string <domain>

The domain for which to enable NSEC3 semantics.

Example: domain=example.com
nsec3_iterations
required
integer [ 1 .. 500 ]

The number of times that the system re-executes the first resource record hash operation.

Example: nsec3_iterations=7
nsec3_narrow
required
integer

Whether NSEC3 will operate in Narrow mode or Inclusive mode.

Note

For information about these modes, read PowerDNS's DNSSEC documentation.

  • 1 - Narrow mode.
  • 0 - Inclusive mode.
Enum: 0 1
Example: nsec3_narrow=1
nsec3_opt_out
required
integer

Whether the system will create records for all delegations.

  • 1 - Create records for all delegations.
  • 0 - Create records only for secure delegations.

Note

Only select 1 if you must create records for all delegations.

Enum: 0 1
Example: nsec3_opt_out=0
nsec3_salt
required
string

The salt value that PowerDNS uses in the hashes.

Note:

For information about salt values, read RFC 5155.

Example: nsec3_salt=1a2b3c4d5e6f

Responses

Response Schema: application/json
object
object

Request samples

whmapi1 --output=jsonpretty \
  set_nsec3_for_domains \
  domain='example.com' \
  nsec3_opt_out='0' \
  nsec3_iterations='7' \
  nsec3_narrow='1' \
  nsec3_salt='1a2b3c4d5e6f'

Response samples

Content type
application/json
{
  • "data": {
    • "domains": [
      • {
        • "domain": "example.com",
        • "enabled": 1,
        • "error": "Error message."
        }
      ]
    },
  • "metadata": {
    • "command": "set_nsec3_for_domains",
    • "reason": "OK",
    • "result": 1,
    • "version": 1
    }
}