Publish a DNSSEC key
This endpoint allows you to add a DS record on a domain by publishing your DNSSEC key to the domain registry.
You need to add manually a DS record if your domain is registered with Nameshield but not hosted on Nameshield nameservers.
To enable DNSSEC on a domain that is hosted on Nameshield nameservers as primary, use the specific endpoint "Enable DNSSEC for a zone".
This feature requires the domain to have a DNSSEC compatible TLD. If a registry lock is set on the domain, it must be unlocked to perform this operation.
Endpoint
POST /dns/v3/zones/{zonename}/dnssec/keys
Parameters
| Name | Location | Required | Type | Default value | Description |
|---|---|---|---|---|---|
| zonename | URL | Yes | String | The zone name | |
| security_checks | URL | No | Boolean | true | Check that the key is used to sign the zone in order to avoid DNSSEC validation failures |
| Body | Yes | InputDnssecKey | The DNSSEC key data |
Response
The created DnssecKey object.
Example Request
POST /dns/v3/zones/example.com/dnssec/keys
Content-Type: application/json
Body
{
"public_key": "MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHTc6SB7q2UnFI3Rtz0c+eYHv/eJmasjVvCG/6hWwMDPifd0bfuZtSouaA2aA7m+Ctk1OYFlPc3caGedPRy6f1JyCI/YWL+Oos35LSMnJlW977bynC/ecHFKARR8XUbi0p6Nu7L77jXd3Q0f+ZsK4UeEjjM6rqUHgAXjpJo7yVuvAgMBAAE=",
"algorithm": 8
}
Example Response
{
"message": "OK",
"data": {
"id": "55555",
"domain": "example.com",
"keytag": 1234,
"flags": 257,
"algorithm": 8,
"digest": "DCE839052E82C23842CB373A580DFDC52A325CEFAC72E7F8107E2B6BD7306C38",
"digest_type": 2,
"public_key": "MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHTc6SB7q2UnFI3Rtz0c+eYHv/eJmasjVvCG/6hWwMDPifd0bfuZtSouaA2aA7m+Ctk1OYFlPc3caGedPRy6f1JyCI/YWL+Oos35LSMnJlW977bynC/ecHFKARR8XUbi0p6Nu7L77jXd3Q0f+ZsK4UeEjjM6rqUHgAXjpJo7yVuvAgMBAAE=",
"status": "PENDING_PUBLISH",
"created_at": "2021-01-05T16:48:27.000000Z",
"published_at": null,
"deleted_at": null,
"unpublished_at": null
}
}