Upsert DNSSEC configuration | regfish DNS & TLS API

PUT

/dns/{domain}/dnssec

DomainDNSSECByDomain

Authentication

x-api-keyapplication/json

Getting startedAuthentication Regfish ConsoleCreate an API key in the regfish console and test it

Parameters

Name

Type

Format

Required

Description

domain

path

string

—

Required

Fully Qualified Domain Name.

Request body

application/jsonRequired

No description was provided in the specification.

dnssecRequest

{
  "mode": "none",
  "state": "disabled"
}

Fields

Name

Type

Format

Required

Description

mode

none, regfish, external

string

—

Required

Requested DNSSEC operating mode. - `none`: no registry DNSSEC should remain active - `regfish`: regfish signs the zone and manages registry trust anchors - `external`: the caller supplies DNSSEC records for external authoritative nameservers

state

disabled, enabled

string

—

Required

Desired high-level DNSSEC state.

verify_after_apply

boolean

—

Optional

When true, the API immediately refreshes registry state and checks DNS delegation after the update.

records

array<object>

—

Optional

Required for `mode=external,state=enabled`. Ignored for regfish-managed activation and for disable operations.

records[].kind

ds, dnskey

string

—

Required

—

records[].key_tag

integer

—

Optional

—

records[].flags

integer

—

Optional

—

records[].protocol

integer

—

Optional

—

records[].algorithm

integer

—

Required

—

records[].digest_type

integer

—

Optional

—

records[].digest

string

—

Optional

—

records[].public_key

string

—

Optional

—

records[].comment

string

—

Optional

—

Request example

PUT

curl --request PUT \
  --url 'https://api.regfish.com/dns/www.example.com/dnssec' \
  --header 'x-api-key: YOUR_API_KEY' \
  --header 'content-type: application/json' \
  --data '{
  "mode": "none",
  "state": "disabled"
}'

Responses

200

DNSSEC configuration accepted

application/jsondnssecResponse

Response example 200

{
  "success": true,
  "code": 0,
  "response": {
    "configured": true,
    "dnssec_state": "active",
    "mode": "none",
    "desired_state": "disabled",
    "live_state": "disabled",
    "capabilities": {
      "supported": true,
      "provider": "example",
      "mode_regfish_available": true,
      "mode_external_available": true,
      "accepted_record_kinds": [
        "ds"
      ],
      "min_records": 1,
      "accepted_algorithms": [
        1
      ]
    },
    "desired_records": [
      {
        "kind": "ds",
        "algorithm": 1
      }
    ],
    "live_records": [
      {
        "kind": "ds",
        "algorithm": 1
      }
    ],
    "using_regfish_nameservers": true,
    "legacy_mode": true,
    "zone_signed": true,
    "zone_pending_disable": true
  }
}

400

Invalid DNSSEC payload

application/jsonError

Response example 400

{
  "success": false,
  "message": "Invalid DNSSEC payload",
  "error": "Invalid DNSSEC payload"
}

401

Unauthorized

application/jsonError

Response example 401

{
  "success": false,
  "message": "Unauthorized",
  "error": "Unauthorized"
}

404

Domain not found

application/jsonError

Response example 404

{
  "success": false,
  "message": "Domain not found",
  "error": "Domain not found"
}

409

DNSSEC cannot be applied in the requested mode or provider state

application/jsonError

Response example 409

{
  "success": false,
  "message": "DNSSEC cannot be applied in the requested mode or provider state",
  "error": "DNSSEC cannot be applied in the requested mode or provider state"
}

417

DNSSEC record set is invalid for this TLD or provider

application/jsonError

Response example 417

{
  "success": false,
  "message": "DNSSEC record set is invalid for this TLD or provider",
  "error": "DNSSEC record set is invalid for this TLD or provider"
}

502

Registry-side DNSSEC operation failed

application/jsonError

Response example 502

{
  "success": false,
  "message": "Registry-side DNSSEC operation failed",
  "error": "Registry-side DNSSEC operation failed"
}

Related models

baseResult

dnssecCapabilities

dnssecDisplayState

High-level DNSSEC status.

dnssecJobResponse

dnssecMode

Requested DNSSEC operating mode. - `none`: no registry DNSSEC should remain active - `regfish`: regfish signs the zone and manages registry trust anchors - `external`: the caller supplies DNSSEC records for external authoritative nameservers

Fine-grained registry DNSSEC state.

Error

fqdn_relaxed

Fully Qualified Domain Name.

Authentication

Parameters

Request body

Fields

Request example

Responses

Become part of the community