Page tree
Skip to end of metadata
Go to start of metadata

 

Description

This function enables DNSSEC on the domain.

Note:

After you enable DNSSEC on the domain, you must add the DS records to your registrar.

Examples


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/enable_dnssec?domain=example.com

Note:

This example calls the UAPI function via a cPanel session. For more information, read our Guide to UAPI documentation. 

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Enable DNSSEC.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'enable_dnssec',
    array(
        'domain'     => 'example.com',
    )
);

Note:

For more information, read our Guide to the LiveAPI System.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Enable DNSSEC.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'enable_dnssec',
    {
        'domain'     => 'example.com',
    }
);

Note:

For more information, read our Guide to the LiveAPI System.

 cPanel Template Toolkit
<!-- Enable DNSSEC. -->
[% SET sa_settings = execute('DNSSEC', 'enable_dnssec' {'domain' => 'example.com',} ); %]

Note:

For more information, read our Guide to Template Toolkit documentation. 

 Command Line
uapi --user=username DNSSEC enable_dnssec domain=example.com 

Notes:

  • You must URI-encode values.
  • username represents your account-level username.
  • For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command. 
  • We introduced this functionality in cPanel & WHM version 56.

 Output (JSON)
{  
   "status":1,
   "errors":null,
   "messages":null,
   "metadata":{  
      "DNSSEC":{  
         "enabled":{  
            "example.com":{  
               "nsec_version":"NSEC3",
               "enabled":1
            }
         }
      }
   },
   "data":null
}

Note:

Use cPanel's API Shell interface (cPanel >> Home >> Advanced >> API Shell) to directly test cPanel API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain on which to enable DNSSEC.

Note:

To enable DNSSEC on multiple domains , increment the parameter name. For example: domain-0, domain-1, domain-2.

A valid domain.example.com
use_nsec3Boolean

Whether the domain will use Next Secure Record (NSEC) or NSEC3 semantics.

This value defaults to 1.

 

  • 1 — Use NSEC3 semantics.
  • 0 — Use NSEC semantics.

    Note:

    If you use NSEC semantics (0), the system ignores the other NSEC3 options.

1
nsec3_opt_outBoolean

Whether the system will create records for all delegations.

This value defaults to 0.

 

  • 1 — Create records for all delegations.
  • 0 — Create records only for secure delegations.

    Note:

    Only  select  1  if you  must  create records for all delegations

 

0

nsec3_iterationsinteger

The number of times that the system rehashes the first resource record hash operation.

This value defaults to 7.

A positive integer less than 501.

7

nsec3_narrowBoolean

Whether NSEC3 will operate in Narrow or Inclusive mode.

In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.

This value defaults to 1.

  • 1 — Narrow mode.
  • 0 — Inclusive mode.
1
nsec3_saltstring

A hexadecimal string that the system appends to the domain name before it applies the hash function to the name.

This value defaults to a random 64-bit value.

For more information about the salt value, read the RFC 5155 documentation.

A hexidecimal string. 1A2B3C4D5E6F

Returns

This function returns only metadata.