# DNSSEC

related to DNSSEC

## Retrieve a DNSSEC key

> Get DNSSEC keys for your DNS zone.

```json
{"openapi":"3.0.3","info":{"title":"IONOS Cloud - DNS API","version":"1.18.0"},"tags":[{"name":"DNSSEC","description":"related to DNSSEC"}],"servers":[{"url":"https://dns.de-fra.ionos.com","description":"Frankfurt"}],"security":[{"tokenAuth":[]}],"components":{"securitySchemes":{"tokenAuth":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"dnssecKeyReadList":{"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string","enum":["dnsseckeys"]},"href":{"type":"string","format":"uri","readOnly":true},"metadata":{"$ref":"#/components/schemas/dnssecKeyReadListMetadata"},"properties":{"$ref":"#/components/schemas/dnssecKeyReadListProperties"}}},"dnssecKeyReadListMetadata":{"type":"object","description":"Metadata of the resource with not state information.","properties":{"zoneId":{"$ref":"#/components/schemas/zoneId"},"items":{"$ref":"#/components/schemas/dnssecKeyReadListItems"}}},"zoneId":{"type":"string","readOnly":true,"format":"uuid","description":"The ID (UUID) of the DNS zone of which record belongs to."},"dnssecKeyReadListItems":{"type":"array","title":"List of dnssec keys","items":{"$ref":"#/components/schemas/dnssecKey"}},"dnssecKey":{"type":"object","properties":{"keyTag":{"type":"integer"},"digestAlgorithmMnemonic":{"type":"string","description":"A string that denotes the digest algorithm.\nThis value must conform to the guidelines in [RFC-8624 Section 3.3](https://datatracker.ietf.org/doc/html/rfc8624#section-3.3).\n"},"digest":{"type":"string"},"keyData":{"$ref":"#/components/schemas/keyData"},"composedKeyData":{"description":"Represents the composed value of the The RDATA for a DNSKEY.\nThe format should be the following: Flags | Protocol | Algorithm | Public Key\nThe values must conform to the guidelines in [RFC-4034 Section 2.1](https://www.rfc-editor.org/rfc/rfc4034#section-2.1).\n","type":"string"}}},"keyData":{"type":"object","description":"Represents the separate components of the RDATA for a DNSKEY.\nThe values must conform to the guidelines in [RFC-4034 Section 2.1](https://www.rfc-editor.org/rfc/rfc4034#section-2.1).\n","properties":{"flags":{"description":"Represents the key's metadata and usage information.","type":"integer"},"pubKey":{"description":"Represents the public key data in Base64 encoding.","type":"string"}}},"dnssecKeyReadListProperties":{"type":"object","description":"Properties of the key.\n","properties":{"keyParameters":{"type":"object","properties":{"algorithm":{"$ref":"#/components/schemas/algorithm"}}},"nsecParameters":{"type":"object","properties":{"nsecMode":{"$ref":"#/components/schemas/nsecMode"}}}},"required":["keyParameters","nsecParameters"]},"algorithm":{"type":"string","description":"Algorithm used to generate signing keys (both Key Signing Keys and Zone Signing Keys).","enum":["RSASHA256"]},"nsecMode":{"type":"string","description":"NSEC mode.\n","enum":["NSEC","NSEC3"]},"Error":{"type":"object","additionalProperties":false,"properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation as specified by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-6).\n"},"messages":{"type":"array","items":{"type":"object","additionalProperties":false,"properties":{"errorCode":{"type":"string","description":"Internal error code.\n"},"message":{"type":"string","description":"Human readable explanation of the issue.\n"}}}}}}},"responses":{"BadRequest":{"description":"### Bad Request\nThe request send to the API was malformed.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Unauthorized":{"description":"### Unauthorized\nThe request is missing authorization information or the authorization information provided are expired.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotAllowed":{"description":"### Not Allowed\nThe user issuing the request does not have the needed permissions.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotFound":{"description":"### Not Found\nThe resource that was requested could not be found.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"InternalError":{"description":"### Internal Server Error\nAn internal error occurred. We apologize for the inconvenience!\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/zones/{zoneId}/keys":{"get":{"operationId":"zonesKeysGet","summary":"Retrieve a DNSSEC key","description":"Get DNSSEC keys for your DNS zone.","parameters":[{"name":"zoneId","in":"path","schema":{"type":"string","format":"uuid"},"required":true,"description":"The ID (UUID) of the DNS zone."}],"tags":["DNSSEC"],"responses":{"200":{"description":"Success case, dnssec keys returned.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/dnssecKeyReadList"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/NotAllowed"},"404":{"$ref":"#/components/responses/NotFound"},"500":{"$ref":"#/components/responses/InternalError"}}}}}}
```

## Create a DNSSEC key

> Enable DNSSEC keys and create associated DNSKEY records for your DNS zone.<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Cloud - DNS API","version":"1.18.0"},"tags":[{"name":"DNSSEC","description":"related to DNSSEC"}],"servers":[{"url":"https://dns.de-fra.ionos.com","description":"Frankfurt"}],"security":[{"tokenAuth":[]}],"components":{"securitySchemes":{"tokenAuth":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"dnssecKeyCreate":{"type":"object","required":["properties"],"properties":{"properties":{"$ref":"#/components/schemas/dnssecKeyParameters"}}},"dnssecKeyParameters":{"type":"object","description":"Parameters used to sign zone.\n","properties":{"keyParameters":{"$ref":"#/components/schemas/keyParameters"},"nsecParameters":{"$ref":"#/components/schemas/nsecParameters"},"validity":{"$ref":"#/components/schemas/validity"}},"required":["keyParameters","nsecParameters","validity"]},"keyParameters":{"type":"object","required":["algorithm","kskBits","zskBits"],"description":"Key parameters used to sign the zone.\n","properties":{"algorithm":{"$ref":"#/components/schemas/algorithm"},"kskBits":{"$ref":"#/components/schemas/kskBits"},"zskBits":{"$ref":"#/components/schemas/zskBits"}}},"algorithm":{"type":"string","description":"Algorithm used to generate signing keys (both Key Signing Keys and Zone Signing Keys).","enum":["RSASHA256"]},"kskBits":{"type":"integer","description":"Key signing key length in bits.\nkskBits >= zskBits\n","enum":[1024,2048,4096]},"zskBits":{"type":"integer","description":"Zone signing key length in bits.\n","enum":[1024,2048,4096]},"nsecParameters":{"type":"object","required":["nsecMode","nsec3Iterations","nsec3SaltBits"],"description":"Nsec parameters.\n","properties":{"nsecMode":{"$ref":"#/components/schemas/nsecMode"},"nsec3Iterations":{"$ref":"#/components/schemas/nsec3Iterations"},"nsec3SaltBits":{"$ref":"#/components/schemas/nsec3SaltBits"}}},"nsecMode":{"type":"string","description":"NSEC mode.\n","enum":["NSEC","NSEC3"]},"nsec3Iterations":{"type":"integer","description":"Number of iterations for NSEC3. (between 0 and 50)\n","minimum":0,"maximum":50},"nsec3SaltBits":{"type":"integer","description":"Salt length in bits for NSEC3. (between 64 and 128, multiples of 8)\n","minimum":64,"maximum":128},"validity":{"type":"integer","description":"Signature validity in days\n","minimum":90,"maximum":365},"dnssecKeyReadCreation":{"type":"object","required":["id","type","href","properties"],"properties":{"properties":{"$ref":"#/components/schemas/dnssecKeyParameters"},"id":{"type":"string"},"type":{"type":"string","enum":["dnsseckeys"]},"href":{"type":"string","format":"uri","readOnly":true}}},"Error":{"type":"object","additionalProperties":false,"properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation as specified by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-6).\n"},"messages":{"type":"array","items":{"type":"object","additionalProperties":false,"properties":{"errorCode":{"type":"string","description":"Internal error code.\n"},"message":{"type":"string","description":"Human readable explanation of the issue.\n"}}}}}}},"responses":{"BadRequest":{"description":"### Bad Request\nThe request send to the API was malformed.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Unauthorized":{"description":"### Unauthorized\nThe request is missing authorization information or the authorization information provided are expired.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotAllowed":{"description":"### Not Allowed\nThe user issuing the request does not have the needed permissions.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotFound":{"description":"### Not Found\nThe resource that was requested could not be found.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"ConflictErrorDNSSEC":{"description":"### Conflict Error\nYou can only have one DNSSEC per zone, and this zone already has one in place.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"InternalError":{"description":"### Internal Server Error\nAn internal error occurred. We apologize for the inconvenience!\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/zones/{zoneId}/keys":{"post":{"operationId":"zonesKeysPost","description":"Enable DNSSEC keys and create associated DNSKEY records for your DNS zone.\n","summary":"Create a DNSSEC key","parameters":[{"name":"zoneId","in":"path","schema":{"type":"string","format":"uuid"},"required":true,"description":"The ID (UUID) of the DNS zone."}],"tags":["DNSSEC"],"requestBody":{"description":"Enable DNSSEC request.","required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/dnssecKeyCreate"}}}},"responses":{"202":{"description":"Successful operation.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/dnssecKeyReadCreation"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/NotAllowed"},"404":{"$ref":"#/components/responses/NotFound"},"409":{"$ref":"#/components/responses/ConflictErrorDNSSEC"},"500":{"$ref":"#/components/responses/InternalError"}}}}}}
```

## Delete a DNSSEC key

> Disable DNSSEC keys and remove associated DNSKEY records for your DNS zone.<br>

```json
{"openapi":"3.0.3","info":{"title":"IONOS Cloud - DNS API","version":"1.18.0"},"tags":[{"name":"DNSSEC","description":"related to DNSSEC"}],"servers":[{"url":"https://dns.de-fra.ionos.com","description":"Frankfurt"}],"security":[{"tokenAuth":[]}],"components":{"securitySchemes":{"tokenAuth":{"type":"apiKey","description":"Please provide header value as 'Bearer <token>' and don't forget to add 'Bearer' HTTP Authorization Scheme before the token.","name":"Authorization","in":"header"}},"schemas":{"EmptyBodyResponse":{"type":"object","properties":{}},"Error":{"type":"object","additionalProperties":false,"properties":{"httpStatus":{"type":"integer","description":"HTTP status code of the operation as specified by [RFC 7231](https://datatracker.ietf.org/doc/html/rfc7231#section-6).\n"},"messages":{"type":"array","items":{"type":"object","additionalProperties":false,"properties":{"errorCode":{"type":"string","description":"Internal error code.\n"},"message":{"type":"string","description":"Human readable explanation of the issue.\n"}}}}}}},"responses":{"BadRequest":{"description":"### Bad Request\nThe request send to the API was malformed.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"Unauthorized":{"description":"### Unauthorized\nThe request is missing authorization information or the authorization information provided are expired.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotAllowed":{"description":"### Not Allowed\nThe user issuing the request does not have the needed permissions.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"NotFound":{"description":"### Not Found\nThe resource that was requested could not be found.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"InternalError":{"description":"### Internal Server Error\nAn internal error occurred. We apologize for the inconvenience!\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/zones/{zoneId}/keys":{"delete":{"operationId":"zonesKeysDelete","summary":"Delete a DNSSEC key","description":"Disable DNSSEC keys and remove associated DNSKEY records for your DNS zone.\n","parameters":[{"name":"zoneId","in":"path","schema":{"type":"string","format":"uuid"},"required":true,"description":"The ID (UUID) of the DNS zone."}],"tags":["DNSSEC"],"responses":{"202":{"description":"Successful operation.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/EmptyBodyResponse"}}}},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/NotAllowed"},"404":{"$ref":"#/components/responses/NotFound"},"500":{"$ref":"#/components/responses/InternalError"}}}}}}
```