DNSSEC API

This article describes a feature in Public Beta.

Table of Contents

Enable DNSSEC

POST /:account/domains/:domain/dnssec

Enable DNSSEC for the domain in the account. This will sign the zone. If the domain is registered it will also add the DS record to the corresponding registry.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

Enable DNSSEC for the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -X POST \
      https://api.dnsimple.com/v2/1010/domains/example.com/dnssec

Response

Responds with HTTP 201.

{
  "data": {
    "enabled": true,
    "created_at": "2017-03-03T13:49:58Z",
    "updated_at": "2017-03-03T13:49:58Z"
  }
}

Disable DNSSEC

DELETE /:account/domains/:domain/dnssec

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

Disable DNSSEC for the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -X DELETE \
      https://api.dnsimple.com/v2/1010/domains/example.com/dnssec

Response

Responds with HTTP 204.

Responds with HTTP 428 if DNSSEC is not currently enabled.

Get DNSSEC

GET /:account/domains/:domain/dnssec

Get the status of DNSSEC, indicating whether it is currently enabled or disabled.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

Get the DNSSEC status for the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/dnssec

Response

Responds with HTTP 200.

{
  "data": {
    "enabled": true,
    "created_at": "2017-02-03T17:43:22Z",
    "updated_at": "2017-02-03T17:43:22Z"
  }
}

List delegation signer records

GET /:account/domains/:domain/ds_records

List delegation signer records for the domain in the account.

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

List all delegation signer records for the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/ds_records

Response

Responds with HTTP 200.

{
  "data": [
    {
      "id": 24,
      "domain_id": 1010,
      "algorithm": "8",
      "digest": "C1F6E04A5A61FBF65BF9DC8294C363CF11C89E802D926BDAB79C55D27BEFA94F",
      "digest_type": "2",
      "keytag": "44620",
      "created_at": "2017-03-03T13:49:58Z",
      "updated_at": "2017-03-03T13:49:58Z"
    }
  ],
  "pagination": {
    "current_page": 1,
    "per_page": 30,
    "total_entries": 1,
    "total_pages": 1
  }
}

Sorting

For general information about sorting, please refer to the main guide.

Name Description
id Sort delegation signer records by ID
created_at Sort delegation signer records by creation date

The default sorting policy is by ascending id.

Create a delegation signer record

You only need to create a delegation signer record manually if your domain is registered with DNSimple but hosted with another DNS provider that is signing your zone. To enable DNSSEC on a domain that is hosted with DNSimple, use the DNSSEC enable endpoint.

POST /:account/domains/:domain/ds_records

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id

Example

Create a delegation signer record under the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      -X POST \
      -d '<json>' \
      https://api.dnsimple.com/v2/1010/domains/example.com/ds_records

Input

Name Type Description
algorithm string Required DNSSEC algorithms defined in http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml - pass the Number value as a string (i.e. “8”).
digest string Required The hexidecimal representation of the digest of the corresponding DNSKEY record.
digest_type string Required DNSSEC digest types defined in http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml - pass the Number value as string (i.e. “2”).
keytag string Required A keytag that references the corresponding DNSKEY record.

For additional information, please see https://tools.ietf.org/html/rfc4034.

Example
{
  "algorithm": "13",
  "digest": "684a1f049d7d082b7f98691657da5a65764913df7f065f6f8c36edf62d66ca03",
  "digest_type": "2",
  "keytag": "2371"
}

Response

Responds with HTTP 201 on success, renders the delegation signer record.

{
  "data": {
    "id": 2,
    "domain_id": 1010,
    "algorithm": "13",
    "digest": "684a1f049d7d082b7f98691657da5a65764913df7f065f6f8c36edf62d66ca03",
    "digest_type": "2",
    "keytag": "2371",
    "created_at": "2017-03-03T15:24:00Z",
    "updated_at": "2017-03-03T15:24:00Z"
  }
}

Responds with HTTP 400 if bad request.

Responds with HTTP 400 if the validation fails.

Get a delegation signer record

GET /:account/domains/:domain/ds_records/:ds_record_id

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:ds_record_id integer The delegation signer record id

Example

Get the delegation signer record 1 under the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/ds_records/1

Response

Responds with HTTP 200 on success, renders the delegation signer record.

{
  "data": {
    "id": 24,
    "domain_id": 1010,
    "algorithm": "8",
    "digest": "C1F6E04A5A61FBF65BF9DC8294C363CF11C89E802D926BDAB79C55D27BEFA94F",
    "digest_type": "2",
    "keytag": "44620",
    "created_at": "2017-03-03T13:49:58Z",
    "updated_at": "2017-03-03T13:49:58Z"
  }
}

Delete a delegation signer record

DELETE /:account/domains/:domain/ds_records/:ds_record_id

Parameters

Name Type Description
:account integer The account id
:domain string, integer The domain name or id
:ds_record_id integer The delegation signer record id

Example

Get the delegation signer record 1 under the domain example.com in the account 1010:

curl  -H 'Authorization: Bearer <token>' \
      -H 'Accept: application/json' \
      https://api.dnsimple.com/v2/1010/domains/example.com/ds_records/1

Response

Responds with HTTP 204 on success.