Skip to content
Cloudflare API
Start here
API Reference
DNS
DNSSEC

DNSSEC Details

client.DNS.DNSSEC.Get(ctx, query) (*DNSSEC, error)
GET/zones/{zone_id}/dnssec

Details about DNSSEC status and configuration.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
DNS ReadDNS Write
ParametersExpand Collapse
query DNSSECGetParams
ZoneID param.Field[string]

Identifier.

maxLength32
ReturnsExpand Collapse
type DNSSEC struct{…}
Algorithm stringoptional

Algorithm key code.

Digest stringoptional

Digest hash.

DigestAlgorithm stringoptional

Type of digest algorithm.

DigestType stringoptional

Coded type for digest algorithm.

DNSSECMultiSigner booloptional

If true, multi-signer DNSSEC is enabled on the zone, allowing multiple providers to serve a DNSSEC-signed zone at the same time. This is required for DNSKEY records (except those automatically generated by Cloudflare) to be added to the zone.

See Multi-signer DNSSEC for details.

DNSSECPresigned booloptional

If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without requiring Cloudflare to sign any records on the fly.

Note that this feature has some limitations. See Cloudflare as Secondary for details.

DNSSECUseNsec3 booloptional

If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssec_presigned to true, this enables the use of NSEC3 records when transferring in from an external provider. If dnssec_presigned is instead set to false (default), NSEC3 records will be generated and signed at request time.

See DNSSEC with NSEC3 for details.

DS stringoptional

Full DS record.

Flags float64optional

Flag for DNSSEC record.

KeyTag float64optional

Code for key tag.

KeyType stringoptional

Algorithm key type.

ModifiedOn Timeoptional

When DNSSEC was last modified.

formatdate-time
PublicKey stringoptional

Public key for DS record.

Status DNSSECStatusoptional

Status of DNSSEC, based on user-desired state and presence of necessary records.

One of the following:
const DNSSECStatusActive DNSSECStatus = "active"
const DNSSECStatusPending DNSSECStatus = "pending"
const DNSSECStatusDisabled DNSSECStatus = "disabled"
const DNSSECStatusPendingDisabled DNSSECStatus = "pending-disabled"
const DNSSECStatusError DNSSECStatus = "error"

DNSSEC Details

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/dns"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  dnssec, err := client.DNS.DNSSEC.Get(context.TODO(), dns.DNSSECGetParams{
    ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", dnssec.Algorithm)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "algorithm": "13",
    "digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "digest_algorithm": "SHA256",
    "digest_type": "2",
    "dnssec_multi_signer": false,
    "dnssec_presigned": true,
    "dnssec_use_nsec3": false,
    "ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "flags": 257,
    "key_tag": 42,
    "key_type": "ECDSAP256SHA256",
    "modified_on": "2014-01-01T05:20:00Z",
    "public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
    "status": "active"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "algorithm": "13",
    "digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "digest_algorithm": "SHA256",
    "digest_type": "2",
    "dnssec_multi_signer": false,
    "dnssec_presigned": true,
    "dnssec_use_nsec3": false,
    "ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "flags": 257,
    "key_tag": 42,
    "key_type": "ECDSAP256SHA256",
    "modified_on": "2014-01-01T05:20:00Z",
    "public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
    "status": "active"
  }
}