Contents

Previous topic

Zones

Next topic

Metadata

This Page

  1. Docs
  2. Built-in Webserver and HTTP API
  3. Cryptokeys

Cryptokeys

Allows for modifying DNSSEC key material via the API.

Endpoints

GET /servers/{server_id}/zones/{zone_id}/cryptokeys

Get all CryptoKeys for a zone, except the privatekey

Parameters:
  • server_id (string) – The id of the server to retrieve
  • zone_id (string) – The id of the zone to retrieve
Status Codes:
POST /servers/{server_id}/zones/{zone_id}/cryptokeys

Creates a Cryptokey

This method adds a new key to a zone. The key can either be generated or imported by supplying the content parameter. if content, bits and algo are null, a key will be generated based on the default-ksk-algorithm and default-ksk-size settings for a KSK and the default-zsk-algorithm and default-zsk-size options for a ZSK.

Parameters:
  • server_id (string) – The id of the server to retrieve
  • zone_id (string) –
Status Codes:
GET /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}

Returns all data about the CryptoKey, including the privatekey.

Parameters:
  • server_id (string) – The id of the server to retrieve
  • zone_id (string) – The id of the zone to retrieve
  • cryptokey_id (string) – The id value of the CryptoKey
Status Codes:
PUT /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}

This method (de)activates a key from zone_name specified by cryptokey_id

Parameters:
  • server_id (string) – The id of the server to retrieve
  • zone_id (string) –
  • cryptokey_id (string) – Cryptokey to manipulate
Status Codes:
DELETE /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}

This method deletes a key specified by cryptokey_id.

Parameters:
  • server_id (string) – The id of the server to retrieve
  • zone_id (string) – The id of the zone to retrieve
  • cryptokey_id (string) – The id value of the Cryptokey
Status Codes:

Objects

Cryptokey

Describes a DNSSEC cryptographic key

Object Properties:
 
  • type (string) – set to “Cryptokey”
  • id (integer) – The internal identifier, read only
  • keytype (string) –
  • active (boolean) – Whether or not the key is in active use
  • published (boolean) – Whether or not the DNSKEY record is published in the zone
  • dnskey (string) – The DNSKEY record for this key
  • ds ([string]) – An array of DS records for this key
  • cds ([string]) – An array of DS records for this key, filtered by CDS publication settings
  • privatekey (string) – The private key in ISC format
  • algorithm (string) – The name of the algorithm of the key, should be a mnemonic
  • bits (integer) – The size of the key
Zones
Metadata
© Copyright PowerDNS.COM BV. Created using Sphinx.