Child pages
  • UAPI Functions - DNSSEC::add_zone_key
Skip to end of metadata
Go to start of metadata

Description

This function generates a DNSSEC zone key for a domain.

Note:

  • After you enable DNSSEC on the domain, you must add the DS records to your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.

Important:

In cPanel & WHM version 76 and later, when you disable the DNS role, the system disables this function. For more information, read our How to Use Server Profiles documentation.

Examples


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/add_zone_key?domain=example.com&algo_num=8&key_type=ksk&key_size=2048&active=1


Note:

This example calls the UAPI function via a cPanel session. For more information, read our Guide to UAPI documentation. 

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Enable DNSSEC.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'enable_dnssec',
    array(
        'domain'       => 'example.com',
        'algo_num'     => '8',
        'key_type'     => 'ksk',
        'key_size'     => '2048
        'active'       => '1'
    )
);


Note:

For more information, read our Guide to the LiveAPI System.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Enable DNSSEC.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'enable_dnssec',
    {
        'domain'       => 'example.com',
        'algo_num'     => '8',
        'key_type'     => 'ksk',
        'key_size'     => '2048
        'active'       => '1'
    }
);


Note:

For more information, read our Guide to the LiveAPI System.

 Command Line
uapi --user=username DNSSEC enable_dnssec domain=example.com algo_num=8 key_type=ksk key_size=2048 active=1


Notes:

  • You must URI-encode values.
  • username represents your account-level username.
  • For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command. 
  • If you run CloudLinux™, you must use the full path of the uapi command:

    /usr/local/cpanel/bin/uapi


 Output (JSON)
{  
   "status":1,
   "errors":null,
   "messages":null,
   "warnings": null,
   "metadata":{  
      "DNSSEC":{  
          "domain":"example.com",
		  "new_key_id": "3",
          "success": 1
       }
   },
   "data":null
}


Note:

Use cPanel's API Shell interface (cPanel >> Home >> Advanced >> API Shell) to directly test cPanel API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain on which to enable DNSSEC.

A valid domain.example.com
algo_numinteger

Required.

The algorithm that the system uses to generate the security key.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSASHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 10 — RSA/SHA-512
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use ECDSA Curve P-256 with SHA-256 if your registrar supports it.

8
key_typestring

Required.

The type of key to add.

  • ksk
  • zsk
ksk
key_sizeinteger

The key's size, in bits.

Note:

The following table lists the default key_size values for specified values of the algo_num and key_type parameters:

algo_num

key_type

kskzsk
520481024
620481024
720481024
820481024
1020481024
13256256
14384384

A positive number in bits. The parameter will usually use one of the following values:

  • 256
  • 384
  • 1024
  • 2048
2048
activeBoolean

Whether to activate the newly-created key.

This parameter defaults to 1.

  • 1 — Activate the key.
  • 0 — Do not activate the key.
1

Returns

This function returns only metadata.