Manage DNSSEC Signing Keys

Prerequisite: To sign a zone, you need to first Create a DNS Zone.

Enable DNSSEC keys for a DNS zone

To enable DNSSEC keys for a DNS zone at IONOS Cloud DNS, follow these steps:

1. Perform a POST request to the /zones/{zoneId}/keys endpoint.

2. Replace {zoneId} with the UUID of the DNS zone where you want to enable DNSSEC keys.

3. In the request body, provide the key parameters used to sign the zone. These parameters include the signing algorithm, the key lengths for both Key Signing Keys (KSK) and Zone Signing Keys (ZSK), the NSEC mode (NSEC or NSEC3), and other relevant settings.

Request

curl --location 'https://dns.de-fra.ionos.com/zones/7ae956dc-1903-4a33-a797-fdb5a040974d/keys' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
  "properties": {
    "keyParameters": {
      "algorithm": "RSASHA256",
      "kskBits": 4096,
      "zskBits": 2048
    },
    "nsecParameters": {
      "nsecMode": "NSEC3",
      "nsec3Iterations": 21,
      "nsec3SaltBits": 128
    },
    "validity": 14
  }
}'

Response

202 Accepted

Retrieve DNSSEC keys for a DNS zone

To retrieve DNSSEC keys for a specific DNS zone at Cloud DNS, follow these steps:

1. Perform a GET request to the /zones/{zoneId}/keys endpoint.

2. Replace {zoneId} with the UUID of the DNS zone you want to retrieve keys for.

Request

Response

200 OK

Disable DNSSEC keys for a DNS zone

To disable and delete DNSSEC keys for a DNS zone at Cloud DNS, follow these steps:

1. Perform a DELETE request to the /zones/{zoneId}/keys endpoint.

2. Replace {zoneId} with the UUID of the DNS zone from which you want to remove DNSSEC keys.

Request

Response

202 Accepted
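
The three calls above wrapped in one POSIX shell helper, as an added example that is not part of the IONOS documentation: it validates the zone ID as a UUID before building the URL and passes the bearer token to curl as a config line on stdin rather than as a command-line argument. The function names, the IONOS_TOKEN variable and the body-file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IONOS code. Assumes IONOS_TOKEN is exported by the caller.
DNS_API='https://dns.de-fra.ionos.com'   # base URL from the request on this page

# Accept only a UUID, so nothing else is ever interpolated into the URL path.
valid_zone_id() {
  case "$1" in *[!0-9A-Fa-f-]*) return 1 ;; esac   # rejects '/', '?', newlines
  printf '%s\n' "$1" |
    grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
}

# Map an action to the HTTP method documented for /zones/{zoneId}/keys.
keys_method() {
  case "$1" in
    enable)   echo POST ;;
    retrieve) echo GET ;;
    disable)  echo DELETE ;;
    *)        return 1 ;;
  esac
}

keys_url() {
  valid_zone_id "$1" || return 1
  printf '%s/zones/%s/keys' "$DNS_API" "$1"
}

# Usage: dnssec_keys <enable|retrieve|disable> <zoneId> [body.json]
# Runs in a subshell so the exits below never terminate the caller's shell.
dnssec_keys() (
  method=$(keys_method "$1") || { echo "unknown action: $1" >&2; exit 2; }
  url=$(keys_url "$2") || { echo "zoneId is not a UUID" >&2; exit 2; }
  [ -n "${IONOS_TOKEN:-}" ] || { echo "IONOS_TOKEN is not set" >&2; exit 2; }
  body=${3:-}
  set -- --silent --show-error --fail --request "$method" --config -
  if [ "$method" = POST ]; then
    [ -r "$body" ] || { echo "enable needs a JSON body file" >&2; exit 2; }
    set -- "$@" --header 'Content-Type: application/json' --data "@$body"
  fi
  # The token reaches curl as a config line on stdin, not as an argument,
  # so it is not visible in curl's argument list in the process table.
  printf 'header = "Authorization: Bearer %s"\n' "$IONOS_TOKEN" |
    curl "$@" "$url"
)
```

For enable, save the JSON body from the request above to a file and pass its path as the third argument.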
