Enable or disable DNSSEC.
/zones/{zone_identifier}/dnssec
patch
DNSSEC
dnssec-edit-dnssec-status
{
"business": true,
"enterprise": true,
"free": true,
"pro": true
}{
"enum": [
"#zone_settings:edit"
]
}[
{
"in": "path",
"name": "zone_identifier",
"required": true,
"schema": {
"description": "Identifier",
"example": "023e105f4ecef8ad9ca31a8372d0c353",
"maxLength": 32,
"readOnly": true,
"type": "string"
}
}
]{
"content": {
"application/json": {
"schema": {
"properties": {
"dnssec_multi_signer": {
"description": "If true, multi-signer DNSSEC is enabled on the zone, allowing multiple\nproviders to serve a DNSSEC-signed zone at the same time.\nThis is required for DNSKEY records (except those automatically\ngenerated by Cloudflare) to be added to the zone.\n\nSee [Multi-signer DNSSEC](https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/) for details.",
"example": false,
"type": "boolean"
},
"dnssec_presigned": {
"description": "If true, allows Cloudflare to transfer in a DNSSEC-signed zone\nincluding signatures from an external provider, without requiring\nCloudflare to sign any records on the fly.\n\nNote that this feature has some limitations.\nSee [Cloudflare as Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for details.",
"example": true,
"type": "boolean"
},
"status": {
"description": "Status of DNSSEC, based on user-desired state and presence of necessary records.",
"enum": [
"active",
"disabled"
],
"example": "active"
}
}
}
}
},
"required": true
}{
"200": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"properties": {
"algorithm": {
"description": "Algorithm key code.",
"example": "13",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest": {
"description": "Digest hash.",
"example": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest_algorithm": {
"description": "Type of digest algorithm.",
"example": "SHA256",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest_type": {
"description": "Coded type for digest algorithm.",
"example": "2",
"nullable": true,
"readOnly": true,
"type": "string"
},
"dnssec_multi_signer": {
"description": "If true, multi-signer DNSSEC is enabled on the zone, allowing multiple\nproviders to serve a DNSSEC-signed zone at the same time.\nThis is required for DNSKEY records (except those automatically\ngenerated by Cloudflare) to be added to the zone.\n\nSee [Multi-signer DNSSEC](https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/) for details.",
"example": false,
"type": "boolean"
},
"dnssec_presigned": {
"description": "If true, allows Cloudflare to transfer in a DNSSEC-signed zone\nincluding signatures from an external provider, without requiring\nCloudflare to sign any records on the fly.\n\nNote that this feature has some limitations.\nSee [Cloudflare as Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for details.",
"example": true,
"type": "boolean"
},
"ds": {
"description": "Full DS record.",
"example": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
"nullable": true,
"readOnly": true,
"type": "string"
},
"flags": {
"description": "Flag for DNSSEC record.",
"example": 257,
"nullable": true,
"readOnly": true,
"type": "number"
},
"key_tag": {
"description": "Code for key tag.",
"example": 42,
"nullable": true,
"readOnly": true,
"type": "number"
},
"key_type": {
"description": "Algorithm key type.",
"example": "ECDSAP256SHA256",
"nullable": true,
"readOnly": true,
"type": "string"
},
"modified_on": {
"description": "When DNSSEC was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"nullable": true,
"readOnly": true,
"type": "string"
},
"public_key": {
"description": "Public key for DS record.",
"example": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
"nullable": true,
"readOnly": true,
"type": "string"
},
"status": {
"description": "Status of DNSSEC, based on user-desired state and presence of necessary records.",
"enum": [
"active",
"pending",
"disabled",
"pending-disabled",
"error"
],
"example": "active"
}
},
"type": "object"
}
}
}
]
}
}
},
"description": "Edit DNSSEC Status response"
},
"4XX": {
"content": {
"application/json": {
"schema": {
"allOf": [
{
"allOf": [
{
"allOf": [
{
"properties": {
"errors": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"messages": {
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
},
"result": {
"anyOf": [
{
"type": "object"
},
{
"items": {},
"type": "array"
},
{
"type": "string"
}
]
},
"success": {
"description": "Whether the API call was successful",
"enum": [
true
],
"example": true,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
},
{
"properties": {
"result": {
"anyOf": [
{
"type": "object"
},
{
"type": "string"
}
]
}
}
}
],
"type": "object"
},
{
"properties": {
"result": {
"properties": {
"algorithm": {
"description": "Algorithm key code.",
"example": "13",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest": {
"description": "Digest hash.",
"example": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest_algorithm": {
"description": "Type of digest algorithm.",
"example": "SHA256",
"nullable": true,
"readOnly": true,
"type": "string"
},
"digest_type": {
"description": "Coded type for digest algorithm.",
"example": "2",
"nullable": true,
"readOnly": true,
"type": "string"
},
"dnssec_multi_signer": {
"description": "If true, multi-signer DNSSEC is enabled on the zone, allowing multiple\nproviders to serve a DNSSEC-signed zone at the same time.\nThis is required for DNSKEY records (except those automatically\ngenerated by Cloudflare) to be added to the zone.\n\nSee [Multi-signer DNSSEC](https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/) for details.",
"example": false,
"type": "boolean"
},
"dnssec_presigned": {
"description": "If true, allows Cloudflare to transfer in a DNSSEC-signed zone\nincluding signatures from an external provider, without requiring\nCloudflare to sign any records on the fly.\n\nNote that this feature has some limitations.\nSee [Cloudflare as Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for details.",
"example": true,
"type": "boolean"
},
"ds": {
"description": "Full DS record.",
"example": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
"nullable": true,
"readOnly": true,
"type": "string"
},
"flags": {
"description": "Flag for DNSSEC record.",
"example": 257,
"nullable": true,
"readOnly": true,
"type": "number"
},
"key_tag": {
"description": "Code for key tag.",
"example": 42,
"nullable": true,
"readOnly": true,
"type": "number"
},
"key_type": {
"description": "Algorithm key type.",
"example": "ECDSAP256SHA256",
"nullable": true,
"readOnly": true,
"type": "string"
},
"modified_on": {
"description": "When DNSSEC was last modified.",
"example": "2014-01-01T05:20:00Z",
"format": "date-time",
"nullable": true,
"readOnly": true,
"type": "string"
},
"public_key": {
"description": "Public key for DS record.",
"example": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
"nullable": true,
"readOnly": true,
"type": "string"
},
"status": {
"description": "Status of DNSSEC, based on user-desired state and presence of necessary records.",
"enum": [
"active",
"pending",
"disabled",
"pending-disabled",
"error"
],
"example": "active"
}
},
"type": "object"
}
}
}
]
},
{
"properties": {
"errors": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": [
{
"code": 7003,
"message": "No route for the URI"
}
],
"minLength": 1
},
"messages": {
"allOf": [
{
"example": [],
"items": {
"properties": {
"code": {
"minimum": 1000,
"type": "integer"
},
"message": {
"type": "string"
}
},
"required": [
"code",
"message"
],
"type": "object",
"uniqueItems": true
},
"type": "array"
}
],
"example": []
},
"result": {
"enum": [
null
],
"nullable": true,
"type": "object"
},
"success": {
"description": "Whether the API call was successful",
"enum": [
false
],
"example": false,
"type": "boolean"
}
},
"required": [
"success",
"errors",
"messages",
"result"
],
"type": "object"
}
]
}
}
},
"description": "Edit DNSSEC Status response failure"
}
}[
{
"api_email": [],
"api_key": []
}
]