12 functions, invoked through the cpanel_uapi tool.
scope cpanel:uapi
Call any function with cpanel_uapi(service_id, module="DNSSEC", function, params). Live availability depends on the cPanel features JetHost has enabled on your account — call list_cpanel_operations to see what is active.
When you disable the DNS role, the system disables this function.
domainstringRequired
The security key's domain.
key_idintegerRequired
The security key's ID.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
domainstring
The domain for which the system activated a security key.
errorstring
An error message that describes why the system could not activate the security key. Note: The function only displays this return when the success return is a 0 value.
key_idstring
The security key's ID.
successinteger
Whether the system activated the security key. 1 - Activated. 0 - The system failed to activate the security key.
This function generates a DNSSEC zone key for a domain.
Note:
After you enable DNSSEC on the domain, you must add the DS records to your registrar.
You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.
Important:
When you disable the DNS role, the system disables this function.
algo_numintegerRequired
The algorithm that the system uses to generate the security key. 5 — RSA/SHA-1 6 — DSA-NSEC3-SHA1 7 — RSASHA1-NSEC3-SHA1 8 — RSA/SHA-256 10 — RSA/SHA-512 13 — ECDSA Curve P-256 with SHA-256 * 14 — ECDSA Curve P-384 with SHA-384 Note: We recommend that you use 'ECDSA Curve P-256 with SHA-256' if your registrar supports it.
domainstringRequired
The domain on which to enable DNSSEC.
key_typestringRequired
The type of key to add. kskzsk
activeintegerOptional
Whether to activate the newly-created key. 1 — Activate the key. 0 — Do not activate the key.
key_sizeintegerOptional
The key's size, in bits. Note: For the following algo_num and key_type parameters, the key_size defaults to the following values: 5 — ksk 2048 zsk 10246 — ksk 2048 zsk 10247 — ksk 2048 zsk 10248 — ksk 2048 zsk 102410 — ksk 2048 zsk 102413 — ksk 256 zsk 256 * 14 — ksk 384 zsk 384
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
domainstring
The domain for which the system added a security key.
errorstring
An error message that describes why the system could not add the security key. Note: The function only displays this return when the success return is a 0 value.
new_key_idstring
The security key's ID.
successinteger
Whether the system added the security key. 1 — The system added the security key. 0 — The system failed to add the security key.
When you disable the DNS role, the system disables this function.
domainstringRequired
The security key's domain.
key_idintegerRequired
The security key's ID.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
domainstring
The domain for which the system deactivated a security key.
errorstring
An error message that describes why the system could not deactivate the security key. Note The function only displays this return when the success return is a 0 value.
key_idstring
The security key's ID.
successinteger
Whether the system deactivated the security key. 1 - Deactivated. 0 - The system failed to deactivate the security key.
This action is irreversible. If you disable DNSSEC on the domain, you will lose the associated keys. You can only retrieve the previous state with a full backup.
If you disable DNSSEC, you must remove the DNS records at the registrar.
Important:
When you disable the DNS role, the system disables this function.
domainstringRequired
The domain on which to disable DNSSEC. Note: To enable DNSSEC on multiple domains, increment the parameter name. For example: domain-0, domain-1, domain-2.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
disabledobject
An array of objects that contain the domains for which the system disabled DNSSEC.
additionalPropertiesinteger
Information about the domains for which the system disabled DNSSEC. 1 — Disabled. 0 — The system failed to disable DNSSEC. Note: This return's name is the domain parameter's value.
After you enable DNSSEC on the domain, you must add the DNS records to your registrar.
You cannot modify the DNSSEC security key. To make any changes, you must disable (and delete) and re-create the DNSSEC security key.
Important:
When you disable the DNS role, the system disables this function.
domainstringRequired
The domain on which to enable DNSSEC. Note: To enable DNSSEC on multiple domains, increment the parameter name. For example: domain-0, domain-1, domain-2.
activeintegerOptional
Whether to activate the newly-created key. 1 — Activate the key. 0 — Do not activate the key.
algo_numintegerOptional
The algorithm that the system uses to generate the security key. 5 — RSA/SHA-1 6 — DSA-NSEC3-SHA1 7 — RSASHA1-NSEC3-SHA1 8 — RSA/SHA-256 10 — RSA/SHA-512 13 — ECDSA Curve P-256 with SHA-256 * 14 — ECDSA Curve P-384 with SHA-384 Note: We recommend that you use ECDSA Curve P-256 with SHA-256 if your registrar supports it.
key_setupstringOptional
The manner in which the system creates the security key. simple — Use a single key for both KSK and ZSK. Use this value when the algo_nom parameter is greater than 8. classic — Use separate keys for KSK and ZSK. Use this value when the algo_nom parameter is equal to or less than 8.
nsec3_iterationsintegerOptional
The number of times that the system rehashes the first resource record hash operation. A positive integer less than 501. Note: In cPanel & WHM version 132 and earlier, the default value is 7.
nsec3_narrowintegerOptional
Whether NSEC3 will operate in Narrow or Inclusive mode. In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record. 1 — Narrow mode. 0 — Inclusive mode.
nsec3_opt_outintegerOptional
Whether the system will create records for all delegations. 1 — Create records for all delegations. 0 — Create records only for secure delegations. Note:Only select 1 if you must create records for all delegations.
nsec3_saltstringOptional
A hexadecimal string that the system appends to the domain name before it applies the hash function to the name. For more information about the salt value, read the RFC 5155 documentation. NOTE: In cPanel & WHM version 132 and later, this parameter also accepts the literal value - to indicate that no salt should be used. If you do not declare a value, the system defaults to no salt. In cPanel & WHM version 130 and earlier, if you did not declare a value, the system defaulted to a random 64-bit value.
use_nsec3integerOptional
Whether the domain will use Next Secure Record (NSEC) or NSEC3 semantics. 1 — Use NSEC3 semantics. 0 — Use NSEC semantics. Note: If you use NSEC semantics (0), the system ignores the other NSEC3 options.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
enabledobject
An object containing information about the domains for which the system enabled DNSSEC.
additionalPropertiesobject
Information about the domain for which the system enabled DNSSEC. Note: This return's name is the domain parameter's value.
enabledinteger
Whether the system enabled DNSSEC. 1 — The system enabled DNSSEC. 0 — The system failed to enable DNSSEC.
This function fetches a domain's Delegation of Signing (DS) records.
Important:
When you disable the DNS role, the system disables this function.
domainstringRequired
The domain from which to fetch DS records. Note: To enable DNSSEC on multiple domains, increment the parameter name. For example: domain-0, domain-1, domain-2.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
additionalPropertiesobject
An object containing the domain's DS record information. Note: The return's name is the domain's name.
keysobject
The DS keys on the requested domain.
additionalPropertiesobject
The information related to the domain's DNSSEC record. Note: The return's name is the key_tag return's integer value.
nsec_detailsobject
An object containing the Next Secure Record (NSEC) information for the selected domain. Note: If the domain uses NSEC semantics, only the nsec_version return appears in the object.
nsec3_hash_algo_descstring
A description of the NSEC3 key's algorithm.
nsec3_hash_algo_numinteger
The DNSSEC Digest Algorithm Number.
nsec3_iterationsinteger
The number of times that the system rehashes the first hash operation.
nsec3_narrowinteger
Whether NSEC3 will operate in Narrow or Inclusive mode. 1 - Narrow mode. 0 - Inclusive mode. Note: For more information about these modes, read PowerDNS's DNSSEC documentation.
One of: 01
nsec3_opt_outinteger
Whether NSEC3 will create records for all delegations or only for secure delegations. 1 - Create records for all delegations. 0 - Create records only for secure delegations.
One of: 01
nsec3_saltstring
The salt value that PowerDNS uses in the hashes. Note: For more information about the salt value, read RFC 5155.
When you disable the DNS role, the system disables this function.
domainstringRequired
The security key's domain.
key_datastringRequired
The security key data that the pdnsutil utility's export-zone-key call returns.
key_typestringRequired
The security key's type. kskzsk
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
domainstring
The domain for which the system imported the zone key.
errorstring
An error message that describes why the system could not import the security key. Note: The function only displays this return when the success return is a 0 value.
new_key_idstring
The security key's ID.
successinteger
Whether the system imported the security key. 1 - The system imported the security key. 0 - The system failed to import the security key.
When you disable the DNS role, the system disables this function.
domainstringRequired
The security key's domain.
key_idintegerRequired
The security key's ID.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
domainstring
The domain for which the system removed a security key.
errorstring
An error message that describes why the system could not remove the security key. Note: The function only displays this return when the success return is a 0 value.
key_idstring
The security key's ID.
successinteger
Whether the system removed the security key. 1 — The system removed the security key. 0 — The system failed to remove the security key.
This function configures the domain to use Next Secure Record 3 (NSEC3) semantics.
Important:
When you disable the DNS role, the system disables this function.
domainstringRequired
The domain on which to enable NSEC3 semantics.
nsec3_iterationsintegerRequired
The number of times that the system re-executes the first resource record hash operation.
nsec3_narrowintegerRequired
Whether NSEC3 will operate in Narrow mode or Inclusive mode. In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record. 1 - Narrow mode. 0 - Inclusive mode.
nsec3_opt_outintegerRequired
Whether the system will create records for all delegations. 1 - Create records for all delegations. 0 - Create records only for secure delegations. Note:Only select 1 if you must create records for all delegations.
nsec3_saltstringRequired
The salt value that PowerDNS uses in the hashes. For more information about the salt value, read the RFC 5155 documentation. Note: In cPanel & WHM version 132 and later, this parameter also accepts the literal value - to indicate no salt value.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
enabledobject
Contains the domains for which the system enabled NSEC3. Note: This return's name is the domain parameter's value.
This function configures the domain to use Next Secure Record (NSEC) semantics instead of Next Secure Record 3 (NSEC3) semantics.
Important:
When you disable the DNS role, the system disables this function.
domainstringRequired
The domain on which to disable NSEC3 semantics and use NSEC semantics.
Response — normalized as { ok, data, errors[], warnings[] }; data contains:
disabledobject
A list of the domains for which the system disabled NSEC3.
additionalPropertiesinteger
Whether the system disabled NSEC3 on the domain. 1 — Disabled. 0 — The system failed to disable NSEC3. Note: This return's name is the domain parameter's value.