Updated on 2025-08-07 GMT+08:00

Enabling DNSSEC

Function

This API is used to enable DNSSEC for a public zone.

Calling Method

For details, see Calling APIs.

URI

POST /v2/zones/{zone_id}/enable-dnssec

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

zone_id

Yes

String

Public zone ID

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

The user token.

The token can be obtained by calling an IAM API. The value of X-Subject-Token in the response header is the user token.

For details about how to obtain a user token, seeObtaining a User Token.

Constraints

N/A

Range

N/A

Default Value

N/A

Response Parameters

Status code: 202

Table 3 Response body parameters

Parameter

Type

Description

zone_name

String

Domain name

key_tag

Integer

Key tag

flag

Integer

Flag

digest_algorithm

String

Digest algorithm

digest_type

Integer

Digest algorithm type

digest

String

Digest

signature

String

Signature algorithm

signature_type

Integer

Signature algorithm type

ksk_public_key

String

Public key

ds_record

String

DS record

created_at

String

The creation time.

Format: yyyy-MM-dd'T'HH:mm:ss.SSS

updated_at

String

The update time.

Format: yyyy-MM-dd'T'HH:mm:ss.SSS

status

String

Status.

Value options:

  • ENABLE: DNSSEC is enabled.

  • DISABLE: DNSSEC is disabled.

Status code: 400

Table 4 Response body parameters

Parameter

Type

Description

code

String

Definition

Error code

Range

N/A

message

String

Definition

Error description

Range

N/A

Status code: 500

Table 5 Response body parameters

Parameter

Type

Description

code

String

Definition

Error code

Range

N/A

message

String

Definition

Error description

Range

N/A

Example Requests

None

Example Responses

Status code: 202

Request accepted

{
  "zone_name" : "example.com.",
  "key_tag" : 46576,
  "flag" : 257,
  "digest" : "2cb6a21bc5ea1622a24d35b94d171dcc06523daf708f6eb08c3358608e84f51c",
  "digest_algorithm" : "SHA256",
  "digest_type" : 2,
  "signature" : "ECDSAP256SHA256",
  "signature_type" : 13,
  "ksk_public_key" : "M7/fjwRNXwWsBxjIMZ2KzxEQ+DnhZ8pbPTn8VCcPKdrDhvV750DkFdXhuXRMLFHrXI9xjIVUugtVKgmdPIEf8w==",
  "ds_record" : "example.com. 300 IN DS 46576 13 2 2cb6a21bc5ea1622a24d35b94d171dcc06523daf708f6eb08c3358608e84f51c",
  "created_at" : "2023-11-17T12:03:17.827",
  "updated_at" : "2023-11-17T12:03:17.827",
  "status" : "ENABLE"
}

SDK Sample Code

The SDK sample code is as follows.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.dns.v2.region.DnsRegion;
import com.huaweicloud.sdk.dns.v2.*;
import com.huaweicloud.sdk.dns.v2.model.*;


public class EnableDnssecConfigSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new BasicCredentials()
                .withAk(ak)
                .withSk(sk);

        DnsClient client = DnsClient.newBuilder()
                .withCredential(auth)
                .withRegion(DnsRegion.valueOf("<YOUR REGION>"))
                .build();
        EnableDnssecConfigRequest request = new EnableDnssecConfigRequest();
        request.withZoneId("{zone_id}");
        try {
            EnableDnssecConfigResponse response = client.enableDnssecConfig(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkdns.v2.region.dns_region import DnsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkdns.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]

    credentials = BasicCredentials(ak, sk)

    client = DnsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(DnsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = EnableDnssecConfigRequest()
        request.zone_id = "{zone_id}"
        response = client.enable_dnssec_config(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    dns "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        Build()

    client := dns.NewDnsClient(
        dns.DnsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.EnableDnssecConfigRequest{}
	request.ZoneId = "{zone_id}"
	response, err := client.EnableDnssecConfig(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

202

Request accepted

400

Bad Request

500

Internal Server Error

Error Codes

See Error Codes.