Prerequisite: To sign a zone, you need to first Create a DNS Zone.
To enable DNSSEC keys for a DNS zone at IONOS Cloud DNS, follow these steps:
1. Perform a POST request to the /zones/{zoneId}/keys
endpoint.
2. Replace {zoneId} with the UUID of the DNS zone where you want to enable DNSSEC keys.
3. In the request body, provide the key parameters used to sign the zone. These parameters include the signing algorithm, key length for both Key Signing Keys (KSK), Zone Signing Keys (ZSK), NSEC mode (NSEC or NSEC3), and other relevant settings.
Result: The DNSSEC keys for a DNS zone are successfully enabled.
202 Accepted
To retrieve DNSSEC keys for a specific DNS zone at Cloud DNS, follow these steps:
1. Perform a GET request to the /zones/{zoneId}/keys
endpoint.
2. Replace {zoneId} with the UUID of the DNS zone you want to retrieve keys for.
Result: The API response contains a list of DNSSEC keys associated with the specified DNS zone.
200 OK
To disable and delete DNSSEC keys for a DNS zone at Cloud DNS, follow these steps:
1. Perform a DELETE request to the /zones/{zoneId}/keys
endpoint.
2. Replace {zoneId} with the UUID of the DNS zone from which you want to remove DNSSEC keys.
Result: The DNSSEC keys for the selected DNS zone are successfully disabled. The associated DNSSEC key records for the DNS zone is removed.
202 Accepted
Field | Type | Description | Example |
---|---|---|---|
id
string
UUID of the DNSSEC key
98277a78-a6a2-4672-ac9a-a68ca0a8d67a
type
string
Type of the resource
dnsseckeys
href
string
URL of the resource
metadata
object
Metadata of the DNSSEC key
zoneId
string
UUID of the DNS zone
a363f30c-4c0c-4552-9a07-298d87f219bf
items
array
List of DNSSEC keys
keyTag
integer
Key tag of the DNSSEC key
49057
signAlgorithmMnemonic
string
Signing algorithm of the DNSSEC key
RSASHA256
signAlgorithmNumber
integer
Signing algorithm number of the DNSSEC key
8
digestAlgorithmMnemonic
string
Digest algorithm of the DNSSEC key
SHA-1
digestAlgorithmNumber
integer
Digest algorithm number of the DNSSEC key
1
digest
string
Digest of the DNSSEC key
CF58B511B2D8EF99263704A112703586E542E4FA
keyData
object
Key data of the DNSSEC key
flags
integer
Flags of the DNSSEC key
257
protocol
integer
Protocol of the DNSSEC key
3
alg
integer
Algorithm of the DNSSEC key
8
pubKey
string
Public key of the DNSSEC key
AwEAAY6wMNhHk...RIrbLc=