Page tree
Skip to end of metadata
Go to start of metadata

 

Description

This function fetches a domain's Delegation of Signing (DS) records on a domain.

Examples 


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/fetch_ds_records?domain=example.com

Unable to render {include} The included page could not be found.

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Fetch DS records.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'fetch_ds_records',
    array(
        'domain' => 'example.com',
    )
);

Unable to render {include} The included page could not be found.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Fetch DS records.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'fetch_ds_records',
    {
        'domain' => 'example.com',
    }
);

Unable to render {include} The included page could not be found.

 cPanel Template Toolkit
<!-- Fetch DS records. -->
[% SET sa_settings = execute('DNSSEC', 'fetch_ds_records' {'domain' => 'example.com',}); %]

Unable to render {include} The included page could not be found.

 Command Line
uapi --user=username DNSSEC fetch_ds_records domain=example.com 

Unable to render {include} The included page could not be found.

 Output (JSON)
{  
   "errors":null,
   "metadata":{  

   },
   "messages":null,
   "data":{  
      "example.tld":{  
         "nsec_details":{  
            "nsec_version":"NSEC"
         },
         "keys":{  
            "10505":{  
               "algo_tag":"RSASHA256",
               "active":"1",
               "digests":[  
                  {  
                     "algo_num":"1",
                     "digest":"ec1a8d87055c7abc8a52a2aa91260baaeb03a28d",
                     "algo_desc":"SHA-1"
                  },
                  {  
                     "algo_num":"2",
                     "algo_desc":"SHA-256",
                     "digest":"3b40b612965b258774e50cb60eb84bcedd12d847aa1da257065c875557658762"
                  },
                  {  
                     "digest":"9660336b6e79d2b323ca53069aa8b8ae48281423d21a7f36194003ab2abee56caff5018bcba7148ce0443080dbcefd39",
                     "algo_desc":"SHA-384",
                     "algo_num":"4"
                  }
               ],
               "algo_num":"8",
               "key_tag":"10505",
               "bits":"2048",
               "algo_desc":"RSA/SHA-256"
            }
         }
      }
   },
   "status":1
}

Unable to render {include} The included page could not be found.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain from which to fetch DS records.

Note:

To fetch DS records from multiple domains , increment the parameter name. For example: domain-0, domain-1, domain-2.

A valid domain.example.com

Returns

Return

TypeDescriptionPossible valuesExample

domain*

hash of hashes

 

A hash of the domain's DS record information.

Note:

The return's name is the domain's name.

This hash includes the DS records of the selected domains. Each hash includes the keys and returns.

 

keys

hash

A hash of the DS keys on the requested domain.

The function returns this hash in the domain hash.

This hash includes the selected domain's keys. Each hash includes the key return. 

key_tag*

hash

 

A hash of the related key_tag information.

The function returns this hash in the keys hash.

Note:

The return's name is the key_tag name.

This hash includes the key information for the named key. Each hash includes the active, algo_desc, algo_num, algo_tag, bits, digests, and key_tag returns. 

active

Boolean

Whether the key is currently active.

The function returns this value in the key_tag hash.

  • 1 — Active.
  • 0 — Inactive.
1

algo_desc

string

A description of the key's algorithm.

The function returns this value in the key_tag hash.

A valid string.

SHA-256

algo_num

integer

The Internet Engineering Task Force (IETF)-recognized DNSSEC Digest Algorithm Number.

The function returns this value in the key_tag hash.

A valid positive integer.8

algo_tag

string

The short-form reference to the algorithm.

The function returns this value in the key_tag hash.

A valid string.

RSASHA256

bits

integer

The key size, in bits.

The function returns this value in the key_tag hash.

A multiple of 64.2048

digests

array of hashes

An array of the information that the registrar uses to populate the DS records.

The function returns this array in the key_tag hash.

This array includes the digest information for the key. Each hash includes the algo_desc, algo_num, and digest returns. 

algo_desc

string

A description of the algorithm that the key uses.

The function returns this value in the digests hash.

A valid algorithm.SHA-256

algo_num

integer

The IETF-recognized DNSSEC Algorithm Number.

The function returns this value in the digests hash.

A valid positive integer.8

digest

string

The actual digest in the DS record.

The function returns this value in the digests hash.

A valid string.

c3aa9fe7a0ac720f06ab61e39c67458d2d66aa8a

key_tag

integerThe key's identification number.A valid positive integer.

35897

nsec_details

hash

A hash of the Next Secure Record (NSEC) information for the selected domain.

Note:

If the domain uses NSEC semantics, only the nsec_version return appears in this hash.

This hash includes the NSEC details information for the named key. Each hash includes the nsec_version, nsec3_hash_algo_desc, nsec3_hash_algo_num, nsec3_iterations, nsec3_narrow, nsec3_opt_out, and nsec3_salt returns. 

nsec_version

string

Whether the DNSSEC semantics are set to NSEC or NSEC3.

The function returns this value in the nsec_details hash.

  • NSEC
  • NSEC3
NSEC3

nsec3_hash_algo_desc

string

A description of the key's algorithm.

The function returns this value in the nsec_details hash.

A valid string.

SHA-1

nsec3_hash_algo_num

integer

The DNSSEC Digest Algorithm Number.

The function returns this value in the nsec_details hash.

A valid positive integer.1

nsec3_iterations

integer

The number of times that the system rehashes the first hash operation.

The function returns this value in the nsec_details hash.

A valid positive integer.12

nsec3_narrow

Boolean

Whether NSEC3 will operate in Narrow or Inclusive mode.

In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.

The function returns this value in the nsec_details hash.

  • 1 — Narrow mode.
  • 0 — Inclusive mode.
1

nsec3_opt_out

Boolean

Whether NSEC3 will create records for all delegations or only for secure delegations.

The function returns this value in the nsec_details hash.

  • 1 — Create records for all delegations.
  • 0 — Create records only for secure delegations.
0

nsec3_salt

string

The salt value used in the hashes.

The function returns this value in the nsec_details hash.

A hexidecimal string.

abcd