DNSSEC

True if DNSSEC is activated for any of the TLDs the Service Provider is signed up for.

Deleting a Delegation Signer (DS) Record

Description

Deletes a Delegation Signer (DS) Record for a Domain Registration Order.

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
order-id Integer Required Order ID associated with the domain name for which you want to delete the DS record
attr-name Map[name] Required Mapping key of the details associated with a DS Record. Refer the description of attr-value.
attr-value Map[value] Required

Mapping value of the details associated with a DS Record. This together with attr-name shall contain the details.

  • To delete a DS Record associated with a Domain Registration Order:

    • keytag: Key Tag value associated with the DS Record

    • algorithm: Algorithm associated with the DS Record

    • digesttype: Digest Type associated with the DS Record. Applicable values are 1, 2 & 3 for .COM / .NET and 1 & 2 for other domain name extensions.

    • digest: Digest associated with the DS Record - a 40-character string for Digest Type value 1 and a 64-character string for Digest Type values 2 and 3

HTTP Method

POST

Example Test URL Request


https://test.httpapi.com/api/domains/del-dnssec.xml?auth-userid=0&api-key=key&order-id=0&attr-name1=keytag&attr-value1=123&attr-name2=algorithm&attr-value2=3&attr-name3=digesttype&attr-value3=1&attr-name4=digest&attr-value4=49FD46E6C4B45C55D4AC49FD46E6C4B45C55D111

Response

Returns a hash map containing the below details:

  • Domain Name (description)

  • Order ID of the Domain Registration Order (entityid)

  • Action Type (actiontype)

  • Description of the Delete DS Record Action (actiontypedesc)

  • Action ID of the Delete DS Record Action (eaqid)

  • Delete DS Record Action Status (actionstatus)

  • Description of the Delete DS Record Action Status (actionstatusdesc)

In case of any errors, a status key with value as ERROR along with an error message will be returned.

Adding a Delegation Signer (DS) Record

Description

Adds a Delegation Signer (DS) Record for a Domain Registration Order.

Note

Currently, supports DS Record only for the following domain name extensions:

  • .COM

  • .IN

  • .ME

  • .NET

  • .ORG

Parameters

Name Data Type Required / Optional Description
auth-userid Integer Required Authentication Parameter
api-key String Required Authentication Parameter
order-id Integer Required Order ID associated with the domain name for which you want to add the DS record
attr-name Map[name] Required Mapping key of the details needed to add a DS Record. Refer the description of attr-value.
attr-value Map[value] Required

Mapping value of the details needed to add a DS Record. This together with attr-name shall contain the details.

  • To add a DS Record for a Domain Registration Order:

    • keytag: Contains the tag value of the DNSKEY Resource Record that validates this signature. An integer value in the range 0 to 65536.

    • algorithm: The cryptographic algorithm that is used to generate the signature. An integer value in the range 0 to 255.

    • digesttype: The algorithm type used to construct the Digest. Applicable values are 1, 2 & 3 for .COM / .NET and 1 & 2 for other domain name extensions.

    • digest: An alpha-numeric string generated by applying the Digest Type algorithm to a message. It needs to be a 40-character string for Digest Type value 1 and a 64-character string for Digest Type values 2 and 3.

HTTP Method

POST

Example Test URL Request


https://test.httpapi.com/api/domains/add-dnssec.xml?auth-userid=0&api-key=key&order-id=0&attr-name1=keytag&attr-value1=123&attr-name2=algorithm&attr-value2=3&attr-name3=digesttype&attr-value3=1&attr-name4=digest&attr-value4=49FD46E6C4B45C55D4AC49FD46E6C4B45C55D111

Response

Returns a hash map containing the below details:

  • Domain Name (description)

  • Order ID of the Domain Registration Order (entityid)

  • Action Type (actiontype)

  • Description of the Add DS Record Action (actiontypedesc)

  • Action ID of the Add DS Record Action (eaqid)

  • Add DS Record Action Status (actionstatus)

  • Description of the Add DS Record Action Status (actionstatusdesc)

In case of any errors, a status key with value as ERROR along with an error message will be returned.

Adding Delegation Signer (DS) Records

A Delegation Signer (DS) Record contains the digital signature information for your domain name's DNS and is used to identify the DNSSEC signing key of a delegated zone. DS Record(s) for your domain name can be managed from its Order Details view, within your Control Panel.

Note

Currently, supports DS Record only for the following domain name extensions:

  • .COM

  • .IN

  • .ME

  • .NET

  • .ORG

Adding a DS Record

  1. Login to your Control Panel, search for the domain name and proceed to the Order Information
    view. See details

  2. Click the DNSSEC link.

  3. This will display the Manage DNSSEC view.

    Note

    The Manage DNSSEC view will display a list of DS Records, if already added. Here, click the Add Records button to proceed.

    Provide information for the following fields and then click the Save button:

    • Key Tag: Contains the tag value of the DNSKEY Resource Record that validates this signature. An integer value in the range 0 to 65536.

    • Algorithm: The cryptographic algorithm that is used to generate the signature

    • Digest Type: The algorithm type used to construct the Digest. Applicable values are 1, 2 & 3 for .COM / .NET and 1 & 2 for other domain name extensions.

    • Digest: An alpha-numeric string generated by applying the Digest Type algorithm to a message. It needs to be a 40-character string for Digest Type value 1 and a 64-character string for Digest Type values 2 and 3.

Deleting a DS Record

  1. Login to your Control Panel, search for the domain name and proceed to the Order Information
    view. See details

  2. Click the DNSSEC link.

  3. Click the Delete link under the Action column, corresponding to the DS Record you wish to delete.

  4. Confirm the deletion by clicking the OK button.

What is DNSSEC?

Domain Name System (DNS)

The Domain Name System (DNS) is a distributed database, arranged hierarchically, containing records for domain names. The DNS system's main aim is to match a domain name
to an IP Address. When a user types a domain name in a browser, the DNS translates the domain name to an IP Address.

Vulnerabilities were discovered in the DNS that allow a hacker to hijack this process of looking a site up on the Internet using the domain name. The purpose of such an attack is to take control of the user session to, for example, send the user to the hijacker's own deceptive web site for sensitive data collection. This lead to the introduction of Domain Name System Security Extensions (DNSSEC).

Domain Name System Security Extensions (DNSSEC)

Domain Name System Security Extensions (DNSSEC) is a technology developed to protect against malicious activities like cache poisoning, pharming, and man-in-the-middle attacks. It adds digital signatures to a domain name's DNS to determine the authenticity of the source domain name. DNSSEC is a set of extensions to DNS that provides to DNS clients (resolvers):

  • Origin authentication of DNS data,

  • Authenticated denial of existence,

    and

  • Data integrity.

DNSSEC uses a digital signature to create a chain of authority. Then, it uses the chain to verify that the source domain name, which the DNS resolver returns, matches the DNS record stored at the authoritative DNS. If it cannot validate the source, it discards the response. This ensures that the user is connecting to the actual address for a domain name.

DNSSEC is currently supported for the following TLDs (domain name extensions):

  • By the Registry Operator:

    • .COM

    • .DE

    • .EU

    • .IN

    • .ME

    • .NET

    • .NL

    • .NZ

    • .ORG

    • .UK

    • .US

    • CentralNIC

  • By :

    • .COM

    • .IN

    • .ME

    • .NET

    • .ORG