Updating the DNSSEC service keys using the API requires specific syntax depending on whether you are using REST or SOAP. Use this table to find the syntax for your command.
For more information on the bits field, please refer to RFC 4034
Understanding How The API Works »
REST Syntax
| Click to view all REST Resources |
|
/REST/DNSSEC/ PUT — Update the DNSSEC key or create a new key.
HTTP Action — PUT
URI — https://api.dynect.net/REST/DNSSEC/<zone>/
|
| Arguments:
To Create a New Key — Click for More Info
- array
keys — Required. A list of keys.
- string
type — Required. The type of the key.
Valid values:
KSK
ZSK
- string
algorithm — Required.
Valid values:
RSA/SHA-1
RSA/SHA-256
RSA/SHA-512
DSA
ECDSAP256SHA256
ECDSAP384SHA384
- string
bits — Required. Length of key.
Valid values include:
256
384
1024
2048
4096
- string
start_ts — An epoch time when key is to be valid. Default = current time.
- string
lifetime — Lifetime of the key expressed in seconds.
ZSK Default = 30 days.
KSK Default = 1 year.
- string
overlap — Time before key expiration when a replacement key is prepared, expressed in seconds.
Default = 7 days.
- string
expire_ts — An epoch time when this key is to expire.
Default = start_ts + lifetime.
To Control the Existing Key — Click for More Info
- array
keys — Required. A list of keys.
- string
dnssec_key_id — Required. A key identifier.
- string
action — Required. Action to perform on the key.
Valid values:
rollover — Create a replacement key and schedule expiration of this one.
rollover_now — Create a replacement key and immediately expire this one.
remove — Remove this key without replacement.
|
| Response (For both Create a new key and Control an existing key) — Click for More Info
|
SOAP Syntax
| Click to view all SOAP Commands |
|
UpdateDNSSEC — Create or control an existing key on the DNSSEC service for the zone indicated.
|
| Arguments:
To Create a New Key — Click for More Info
- array
keys — A list of key data.
- string
type — Required. The type of the key.
Valid values:
KSK
ZSK.
- string
algorithm — Required.
Valid values:
RSA/SHA-1
RSA/SHA-256
RSA/SHA-512
DSA
ECDSAP256SHA256
ECDSAP384SHA384
- string
bits — Required. Length of key.
Valid values include:
256
384
1024
2048
4096
- string
start_ts — An epoch time when key is to be valid. Default = current time.
- string
lifetime — Lifetime of the key expressed in seconds.
ZSK Default = 30 days.
KSK Default = 1 year.
- string
overlap — Time before key expiration when a replacement key is prepared, expressed in seconds.
Default = 7 days.
- string
expire_ts — An epoch time when this key is to expire.
Default = start_ts + lifetime.
- string
contact_nickname — Required. Name of contact to receive notifications.
- string
notify_events — Comma-separated list of events which trigger notifications.
Valid values:
create – a new version of a key was created.
expire – a key was automatically expired.
warning – early warnings (2 weeks, 1 week, 1 day) of events.
- string
token — Required. The session identifier.
- string
zone — Required. Name of the zone where the service will exists.
To Control an Existing Key — Click for More Info
- array
keys — A list of keys.
- string
dnssec_key_id — Required. A key identifier.
- string
action — Required. Action to perform on the key.
Valid values:
rollover — Create a replacement key and schedule expiration of the current key.
rollover_now — Create a replacement key and immediately expire the current key.
remove — Remove this key without replacement.
|
| Response (For both Create a new key and Controlling an existing key) — Click for More Info
|
Example Request — Click for More Info
'keys' => [
'dnssec_key_id' => 23,
'action' => 'rollover_now',
],
'token' => 'asdlkfjasl23j4879afa',
'zone' => 'example.com',
}
|
DNS API Knowledge Base
