You can find our user documentation at docs.cpanel.net.

Check out our new API beta site!

Child pages
  • UAPI Functions - DNSSEC::add_zone_key
Skip to end of metadata
Go to start of metadata

Description

This function generates a DNSSEC zone key for a domain.

Note:

  • After you enable DNSSEC on the domain, you must add the DS records to your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.

Important:

In cPanel & WHM version 76 and later, when you disable the DNS role, the system disables this function.

Examples


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/add_zone_key?domain=example.com&algo_num=8&key_type=ksk&key_size=2048&active=1


Note:

This example calls the UAPI function via a cPanel session. For more information, read our Guide to UAPI documentation. 

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Enable DNSSEC.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'add_zone_key',
    array(
        'domain'       => 'example.com',
        'algo_num'     => '8',
        'key_type'     => 'ksk',
        'key_size'     => '2048
        'active'       => '1'
    )
);


Note:

For more information, read our Guide to the LiveAPI System.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Enable DNSSEC.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'add_zone_key',
    {
        'domain'       => 'example.com',
        'algo_num'     => '8',
        'key_type'     => 'ksk',
        'key_size'     => '2048
        'active'       => '1'
    }
);


Note:

For more information, read our Guide to the LiveAPI System.

 Command Line
uapi --user=username DNSSEC add_zone_key domain=example.com algo_num=8 key_type=ksk key_size=2048 active=1


Notes:

  • You must URI-encode values.
  • username represents your account-level username.
  • For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command. 
  • If you run CloudLinux™, you must use the full path of the uapi command:

    /usr/local/cpanel/bin/uapi


 Output (JSON)
{
   "apiversion":3,
   "module":"DNSSEC",
   "func":"add_zone_key",
   "result":{
      "data":{
         "domain":"example.com",
         "new_key_id":"1",
         "success":1
      },
      "status":1,
      "errors":null,
      "messages":null,
      "metadata":{
      },
      "warnings":null
   }
}


Note:

Use cPanel's API Shell interface (cPanel >> Home >> Advanced >> API Shell) to directly test cPanel API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain on which to enable DNSSEC.

A valid domain.example.com
algo_numinteger

Required.

The algorithm that the system uses to generate the security key.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSASHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 10 — RSA/SHA-512
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use ECDSA Curve P-256 with SHA-256 if your registrar supports it.

8
key_type string

Required.

The type of key to add.

  • ksk
  • zsk
ksk
key_sizeinteger

The key's size, in bits.

Note:

The following table lists the default key_size values for specified values of the algo_num and key_type parameters:

algo_num

key_type

kskzsk
520481024
620481024
720481024
820481024
1020481024
13256256
14384384

A positive number in bits.

2048
activeBoolean

Whether to activate the newly-created key.

This parameter defaults to 1.

  • 1 — Activate the key.
  • 0 — Do not activate the key.
1

Returns

Notes:

  • We added the domainnew_key_idsuccess, and error returns in cPanel & WHM version 86.
  • We removed the domainnew_key_idsuccess, and error returns from the metadata in cPanel & WHM version 88.
ReturnTypeDescriptionPossible valuesExample
domainstringThe domain for which the system added a security key.

A valid domain.

example.com
new_key_idstringThe security key's ID.A valid ID.1
successBooleanWhether the system added the security key.
  • 1 — The system added the security key.
  • 0 — The system failed to add the security key.
1
errorstring

An error message that describes why the system could not add the security key.

Note:

The function  only  displays this return when the  success  return is a  0  value.

A valid string.Error: Invalid key_id or domain specified: No such key present for domain.