Description

This function fetches a domain's Delegation of Signing (DS) records on a domain.

Examples 




https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/fetch_ds_records?domain=example.com



$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Fetch DS records.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'fetch_ds_records',
    array(
        'domain' => 'example.com',
    )
);



my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Fetch DS records.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'fetch_ds_records',
    {
        'domain' => 'example.com',
    }
);



<!-- Fetch DS records. -->
[% SET sa_settings = execute('DNSSEC', 'fetch_ds_records' {'domain' => 'example.com',}); %]
[% FOREACH q = data.resultname %]
     <p>
         [% q %]
     </p>
[% END %]



uapi --user=username DNSSEC fetch_ds_records domain=example.com 



{  
   "errors":null,
   "metadata":{  

   },
   "messages":null,
   "data":{  
      "example.tld":{  
         "nsec_details":{  
            "nsec_version":"NSEC"
         },
         "keys":{  
            "10505":{  
               "algo_tag":"RSASHA256",
               "digests":[  
                  {  
                     "algo_num":"1",
                     "digest":"ec1a8d87055c7abc8a52a2aa91260baaeb03a28d",
                     "algo_desc":"SHA-1"
                  },
                  {  
                     "algo_num":"2",
                     "algo_desc":"SHA-256",
                     "digest":"3b40b612965b258774e50cb60eb84bcedd12d847aa1da257065c875557658762"
                  },
                  {  
                     "digest":"9660336b6e79d2b323ca53069aa8b8ae48281423d21a7f36194003ab2abee56caff5018bcba7148ce0443080dbcefd39",
                     "algo_desc":"SHA-384",
                     "algo_num":"4"
                  }
               ],
               "algo_num":"8",
               "key_tag":"10505",
               "bits":"2048",
               "algo_desc":"RSA/SHA-256"
            }
         }
      }
   },
   "status":1
}



Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required.

The domain from which to fetch DS records.

To fetch DS records from multiple domains , increment the parameter name. For example: domain-0, domain-1, domain-2.


A valid domain.example.com

Returns

Return

TypeDescriptionPossible valuesExample

domain

hash of hashes

 

A hash of the domain's DS record information.

The return's name is the domain's name.


Each hash includes the nsec_details and keys hashes.

 

nsec_details

hash

A hash of the Next Secure Record (NSEC) information for the selected domain.

If the domain uses NSEC semantics, only the  nsec_version return appears in this hash.

The function returns this hash in the domain hash.

Each hash includes the nsec_version, nsec3_hash, algo_desk, nsec3_hash_algo_num, nsec3_iterations, nsec3_narrow, nsec3_opt_out, and nsec3_salt returns

nsec_version

string

Whether the domain uses NSEC or NSEC3 DNSSEC semantics.

The function returns this value in the nsec_details hash.

  • NSEC
  • NSEC3
NSEC

nsec3_hash_algo_desc

string

A description of the NSEC3 key's algorithm.

The function returns this value in the nsec_details hash.

A valid hashing algorithm. SHA-1

nsec3_hash_algo_num

integer

The DNSSEC Digest Algorithm Number.

The function returns this value in the nsec_details hash.

A positive integer.1

nsec3_iterations

integer

The number of times that the system rehashes the first hash operation.

The function returns this value in the nsec_details hash.

A positive integer.12

nsec3_narrow

Boolean

Whether NSEC3 will operate in Narrow or Inclusive mode.

For more information about Narrow and Inclusive modes, read PowerDNS's A brief introduction to DNSSEC documentation.

The function returns this value in the nsec_details hash

  • 1 — Narrow mode.
  • 0 — Inclusive mode.
1

nsec3_opt_out

Boolean

Whether NSEC3 will create records for all delegations or only for secure delegations.

The function returns this value in the nsec_details hash.

  • 1 — Create records for all delegations.
  • 0 — Create records only for secure delegations.
1

nsec3_salt

string

The salt value that PowerDNS uses in the hashes.

For more information about the salt value, read the RFC 5155 documentation.

The function returns this value in the nsec_details hash.

A hexidecimal string. 1A2B3C4D5E6F

keys

hash

A hash of the DS keys on the requested domain.

The function returns this hash in the domain hash.

Each hash includes the key_tag return. 

key_tag

hash

 

A hash of information related to the domain's DNSSEC record.

The return's name is the key tag's integer value.

The function returns this hash in the keys hash.

Each hash includes the algo_desc, algo_num, algo_tag, bits, and key_tag returns and the digests array of hashes. 

algo_num

integer

The Internet Engineering Task Force (IETF)-recognizedDNSSEC Digest Algorithm Number.

The function returns this value in the key_tag hash.

A positive integer.2048

algo_tag

string

The short-form reference to the algorithm.

The function returns this value in the key_tag hash.

A valid string.

RSASHA256

digests

array of hashes

An array of the information that the registrar uses to populate the DS records.

The function returns this array in the key_tag hash.

Each array includes the algo_desc, algo_num, and digest returns. 

algo_desc

string

A description of the algorithm that the DS key uses.

The function returns this value in the digests hash.

A valid algorithm. SHA-256

algo_num

integer

The IETF-recognized DNSSEC Algorithm Number.

The function returns this value in the digests hash.

A positive integer.8

digest

string

The actual digest in the DS record.

The function returns this value in the digests hash.

A valid string.

c3aa9fe7a0ac720f06ab61e39c67458d2d66aa8a

algo_num

integer

The Internet Engineering Task Force (IETF)-recognized DNSSEC Digest Algorithm Number.

The function returns this value in the key_tag hash.

A positive integer.8

key_tag

integerThe DS key's identification number.A positive integer.

35897

bits

integer

The DS key's size, in bits.

The function returns this value in the key_tag hash.

A multiple of 64.2048

algo_desc

string

The IETF-recognized DNSSEC Algorithm Number.

The function returns this value in the digests hash.

A valid algorithm.

SHA-256