set_dnssec_info
Adds or removes DS records for a given domain. To delete a single record, send a set_dnssec_info request with the full record array minus the one you want to remove.
Request parameters
Standard request parameters
- action = set_dnssec_info
- object = domain
Request attributes
| Parameter | Obligation | Definition/Value |
|---|---|---|
| domain | Required | The domain name you wish to apply DNSSEC to. |
| dnssec | Required | Contains an array specifying the DNSSEC details to be added. For more information, please see the dnssec table below. Note: To remove DNSSEC, submit an empty dnssec array. |
Request parameters within the dnssec array includes the following:
| Parameter | Obligation | Definition/Value |
|---|---|---|
| algorithm | Required | The cryptographic algorithm that generates the signature. Allowed values are: 5—RSA/SHA-1 6—DSA-NSEC3/SHA1 7—RSASHA1-NSEC3/SHA1 8—RSA/SHA-256 10—RSA/SHA-512 253—Private [PRIVATEDNS] 254—Private [PRIVATEOID] |
| key_tag | Required | An integer value that identifies the DNSSEC record for this domain name. Note: This value cannot exceed 65535. |
| digest_type | Required | The algorithm type that constructs the digest, allowed values are: Allowed values are: 1—SHA-1 2—SHA-256 3—GOST 4—SHA-384 |
| digest | Required | The digest is an alpha-numeric string value. The length depends on the digest type used: SHA-1 is 40 characters, SHA-256 & GOST is 64 characters, SHA-384 is 96 characters. |
Response parameters
Standard response parameters
- action = reply
- object = domain
- is_success = Boolean indicating success or failure of the request.
- response_code = Response code indicating outcome of the request.
- response_text = Message describing the outcome of the request.
Examples
Set DNSSEC, using DSA/SHA-1
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE OPS_envelope SYSTEM "ops.dtd">
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="object">DOMAIN</item>
<item key="action">SET_DNSSEC_INFO</item>
<item key="attributes">
<dt_assoc>
<item key="domain">example.com</item>
<item key="dnssec">
<dt_array>
<item key="0">
<dt_assoc>
<item key="algorithm">5</item>
<item key="key_tag">333</item>
<item key="digest_type">1</item>
<item key="digest">da39a3ee5e6b4b0d3255bfef95601890afd80709</item>
</dt_assoc>
</item>
</dt_array>
</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
<?xml version='1.0' encoding="UTF-8" standalone="no"?>
<!DOCTYPE OPS_envelope SYSTEM "ops.dtd">
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="object">DOMAIN</item>
<item key="action">REPLY</item>
<item key="response_text">Command successful</item>
<item key="response_code">200</item>
<item key="is_success">1</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
Remove all DNSSEC entries
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE OPS_envelope SYSTEM "ops.dtd">
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="object">DOMAIN</item>
<item key="action">set_dnssec_info</item>
<item key="attributes">
<dt_assoc>
<item key="domain">example.com</item>
<item key="dnssec">
<dt_array></dt_array>
</item>
</dt_assoc>
</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
<?xml version='1.0' encoding="UTF-8" standalone="no"?>
<!DOCTYPE OPS_envelope SYSTEM "ops.dtd">
<OPS_envelope>
<header>
<version>0.9</version>
</header>
<body>
<data_block>
<dt_assoc>
<item key="protocol">XCP</item>
<item key="object">DOMAIN</item>
<item key="response_text">Command successful</item>
<item key="action">REPLY</item>
<item key="response_code">200</item>
<item key="is_success">1</item>
</dt_assoc>
</data_block>
</body>
</OPS_envelope>
Updated almost 2 years ago