We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.

We will continue to maintain our API documentation on this server.

Child pages
  • UAPI Functions - DNSSEC::set_nsec3
Skip to end of metadata
Go to start of metadata

Description

This function configures the domain to use Next Secure Record 3 (NSEC3) semantics.

Important:

In cPanel & WHM version 76 and later, when you disable the DNS role, the system disables this function.

Examples 


 cPanel or Webmail Session URL
https://hostname.example.com:2083/cpsess##########/execute/DNSSEC/set_nsec3?domain=example.com&use_nsec3=1&nsec3_opt_out=0&nsec3_iterations=7&nsec3_narrow=1&nsec3_salt=1A2B3C4D5E6F


Note:

This example calls the UAPI function via a cPanel session. For more information, read our Guide to UAPI documentation. 

 LiveAPI PHP Class
$cpanel = new CPANEL(); // Connect to cPanel - only do this once.

// Set NSEC3.
$sa_settings = $cpanel->uapi(
    'DNSSEC', 'set_nsec3',
    array(
        'domain'     		=> 'example.com',
        'use_nsec3'     	=> '1',
        'nsec3_opt_out'     => '0',
        'nsec3_iterations'  => '7',
        'nsec3_narrow'      => '1',
        'nsec3_salt'     	=> '1A2B3C4D5E6F',
    )
);


Note:

For more information, read our Guide to the LiveAPI System.

 LiveAPI Perl Module
my $cpliveapi = Cpanel::LiveAPI->new(); # Connect to cPanel - only do this once.

# Set NSEC3.
my $sa_settings = $cpliveapi->uapi(
    'DNSSEC', 'set_nsec3',
    {
        'domain'     		=> 'example.com',
        'use_nsec3'     	=> '1',
        'nsec3_opt_out'     => '0',
        'nsec3_iterations'  => '7',
        'nsec3_narrow'     	=> '1',
        'nsec3_salt'     	=> '1A2B3C4D5E6F',
    }
);


Note:

For more information, read our Guide to the LiveAPI System.

 Command Line
uapi --user=username DNSSEC set_nsec3 domain=example.com use_nsec3=1 nsec3_opt_out=0 nsec3_iterations=7 nsec3_narrow=1 nsec3_salt=1A2B3C4D5E6F


Notes:

  • You must URI-encode values.
  • username represents your account-level username.
  • For more information and additional output options, read our Guide to UAPI documentation or run the uapi --help command. 
  • If you run CloudLinux™, you must use the full path of the uapi command:

    /usr/local/cpanel/bin/uapi


 Output (JSON)
{
   "apiversion":3,
   "module":"DNSSEC",
   "func":"set_nsec3",
   "result":{
      "status":1,
      "metadata":{
      },
      "data":{
         "enabled":{
            "example.com":1
         }
      },
      "errors":null,
      "warnings":null,
      "messages":null
   }
}


Note:

Use cPanel's API Shell interface (cPanel >> Home >> Advanced >> API Shell) to directly test cPanel API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required

The domain on which to enable NSEC3 semantics.

A valid domain.example.com
nsec3_opt_outBoolean

Required

Whether the system will create records for all delegations.


  • 1 — Create records for all delegations.
  • 0 — Create records only for secure delegations.

    Note:

    Only select 1 if you must create records for all delegations.


0

nsec3_iterationsinteger

Required

The number of times that the system re-executes the first resource record hash operation.

A positive integer less than 501.

7

nsec3_narrowBoolean

Required

Whether NSEC3 will operate in Narrow mode or Inclusive mode.

In Narrow mode, PowerDNS sends out white lies about the next secure record. Rather than query the resource record in the database, PowerDNS sends the hash plus 1 as the next secure record.

  • 1 — Narrow mode.
  • 0 — Inclusive mode.
1
nsec3_saltstring

Required

The salt value that PowerDNS uses in the hashes.

For more information about the salt value, read the RFC 5155 documentation.

A hexidecimal string. 1A2B3C4D5E6F

Returns

Notes:

  • We added the enabled and DOMAIN returns in cPanel & WHM version 86.
  • We removed the enabled and DOMAIN returns from the metadata in cPanel & WHM version 88.
ReturnTypeDescriptionPossible valuesExample
enabled array of hashesAn array of hashes that contains the domains for which the system enabled NSEC3.

Each hash contains the DOMAIN return.


DOMAIN

Boolean

Whether the system enabled NSEC3 on the domain.

Note:

This return's name is the domain parameter's value.

The function returns this value in the enabled hash.

  • 1 — Enabled.
  • 0 — The system failed to enable NSEC3.
1