Child pages
  • UAPI Functions - DNSSEC::enable_dnssec
Skip to end of metadata
Go to start of metadata

Description

This function enables DNSSEC on the domain.

Note:

  • After you enable DNSSEC on the domain, you must add the DS records to your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.

Important:

In cPanel & WHM version 76 and later, when you disable the DNS role, the system disables this function. For more information, read our How to Use Server Profiles documentation.

Examples


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/enable_dnssec?domain=example.com


Note:

This example calls the UAPI function via a cPanel session. For more information, read our Guide to UAPI documentation. 

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Enable DNSSEC.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'enable_dnssec',
    array(
        'domain'     => 'example.com',
    )
);


Note:

For more information, read our Guide to the LiveAPI System.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Enable DNSSEC.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'enable_dnssec',
    {
        'domain'     => 'example.com',
    }
);


Note:

For more information, read our Guide to the LiveAPI System.

 Command Line
uapi --user=username DNSSEC enable_dnssec domain=example.com 


Notes:

  • You must URI-encode values.
  • username represents your account-level username.
  • For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command. 
  • If you run CloudLinux™, you must use the full path of the uapi command:

    /usr/local/cpanel/bin/uapi


 Output (JSON)
{  
   "status":1,
   "errors":null,
   "messages":null,
   "metadata":{  
      "DNSSEC":{  
         "enabled":{  
            "example.com":{  
               "nsec_version":"NSEC3",
               "enabled":1
            }
         }
      }
   },
   "data":null
}


Note:

Use cPanel's API Shell interface (cPanel >> Home >> Advanced >> API Shell) to directly test cPanel API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain on which to enable DNSSEC.

Note:

To enable DNSSEC on multiple domains , increment the parameter name. For example: domain-0 , domain-1 , domain-2 .

A valid domain.example.com
use_nsec3Boolean

Whether the domain will use Next Secure Record (NSEC) or NSEC3 semantics.

This value defaults to 1.


  • 1 — Use NSEC3 semantics.
  • 0 — Use NSEC semantics.

    Note:

    If you use NSEC semantics (0), the system ignores the other NSEC3 options.

1
nsec3_opt_outBoolean

Whether the system will create records for all delegations.

This value defaults to 0.


  • 1 — Create records for all delegations.
  • 0 — Create records only for secure delegations.

    Note:

    Only  select  1  if you  must  create records for all delegations


0

nsec3_iterationsinteger

The number of times that the system rehashes the first resource record hash operation.

This value defaults to 7.

A positive integer less than 501.

7

nsec3_narrowBoolean

Whether NSEC3 will operate in Narrow or Inclusive mode.

In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.

This value defaults to 1.

  • 1 — Narrow mode.
  • 0 — Inclusive mode.
1
nsec3_saltstring

A hexadecimal string that the system appends to the domain name before it applies the hash function to the name.

This value defaults to a random 64-bit value.

For more information about the salt value, read the RFC 5155 documentation.

A hexidecimal string. 1A2B3C4D5E6F
algo_numinteger

The algorithm that the system uses to generate the security key.

Note:

We added this parameter in cPanel & WHM version 84.

This parameter defaults to 8.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSASHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 10 — RSA/SHA-512
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use ECDSA Curve P-256 with SHA-256 if your registrar supports it.

8
key_setupstring

The manner in which the system creates the security key.

Note:

We added this parameter in cPanel & WHM version 84.

This parameter defaults to classic.

  • simple — Use a single key for both KSK and ZSK. Use this value when the algo_nom parameter is greater than 8.
  • classic — Use separate keys for KSK and ZSK. Use this value when the algo_nom parameter is equal to or less than 8.
2
activeBoolean

Whether to activate the newly-created key.

Note:

We added this parameter in cPanel & WHM version 84.

This parameter defaults to 1.

  • 1 — Activate the key.
  • 0 — Do not activate the key.
1

Returns

This function returns only metadata.