## Edit DNSSEC Status

`client.dns.dnssec.edit(DNSSECEditParamsparams, RequestOptionsoptions?): DNSSEC`

**patch** `/zones/{zone_id}/dnssec`

Enable or disable DNSSEC.

### Parameters

- `params: DNSSECEditParams`

  - `zone_id: string`

    Path param: Identifier.

  - `dnssec_multi_signer?: boolean`

    Body param: If true, multi-signer DNSSEC is enabled on the zone, allowing multiple
    providers to serve a DNSSEC-signed zone at the same time.
    This is required for DNSKEY records (except those automatically
    generated by Cloudflare) to be added to the zone.

    See [Multi-signer DNSSEC](https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/) for details.

  - `dnssec_presigned?: boolean`

    Body param: If true, allows Cloudflare to transfer in a DNSSEC-signed zone
    including signatures from an external provider, without requiring
    Cloudflare to sign any records on the fly.

    Note that this feature has some limitations.
    See [Cloudflare as Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for details.

  - `dnssec_use_nsec3?: boolean`

    Body param: If true, enables the use of NSEC3 together with DNSSEC on the zone.
    Combined with setting dnssec_presigned to true, this enables the use of
    NSEC3 records when transferring in from an external provider.
    If dnssec_presigned is instead set to false (default), NSEC3 records will be
    generated and signed at request time.

    See [DNSSEC with NSEC3](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/) for details.

  - `status?: "active" | "disabled"`

    Body param: Status of DNSSEC, based on user-desired state and presence of necessary records.

    - `"active"`

    - `"disabled"`

### Returns

- `DNSSEC`

  - `algorithm?: string | null`

    Algorithm key code.

  - `digest?: string | null`

    Digest hash.

  - `digest_algorithm?: string | null`

    Type of digest algorithm.

  - `digest_type?: string | null`

    Coded type for digest algorithm.

  - `dnssec_multi_signer?: boolean`

    If true, multi-signer DNSSEC is enabled on the zone, allowing multiple
    providers to serve a DNSSEC-signed zone at the same time.
    This is required for DNSKEY records (except those automatically
    generated by Cloudflare) to be added to the zone.

    See [Multi-signer DNSSEC](https://developers.cloudflare.com/dns/dnssec/multi-signer-dnssec/) for details.

  - `dnssec_presigned?: boolean`

    If true, allows Cloudflare to transfer in a DNSSEC-signed zone
    including signatures from an external provider, without requiring
    Cloudflare to sign any records on the fly.

    Note that this feature has some limitations.
    See [Cloudflare as Secondary](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/#dnssec) for details.

  - `dnssec_use_nsec3?: boolean`

    If true, enables the use of NSEC3 together with DNSSEC on the zone.
    Combined with setting dnssec_presigned to true, this enables the use of
    NSEC3 records when transferring in from an external provider.
    If dnssec_presigned is instead set to false (default), NSEC3 records will be
    generated and signed at request time.

    See [DNSSEC with NSEC3](https://developers.cloudflare.com/dns/dnssec/enable-nsec3/) for details.

  - `ds?: string | null`

    Full DS record.

  - `flags?: number | null`

    Flag for DNSSEC record.

  - `key_tag?: number | null`

    Code for key tag.

  - `key_type?: string | null`

    Algorithm key type.

  - `modified_on?: string | null`

    When DNSSEC was last modified.

  - `public_key?: string | null`

    Public key for DS record.

  - `status?: "active" | "pending" | "disabled" | 2 more`

    Status of DNSSEC, based on user-desired state and presence of necessary records.

    - `"active"`

    - `"pending"`

    - `"disabled"`

    - `"pending-disabled"`

    - `"error"`

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const dnssec = await client.dns.dnssec.edit({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353' });

console.log(dnssec.algorithm);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "algorithm": "13",
    "digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "digest_algorithm": "SHA256",
    "digest_type": "2",
    "dnssec_multi_signer": false,
    "dnssec_presigned": true,
    "dnssec_use_nsec3": false,
    "ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
    "flags": 257,
    "key_tag": 42,
    "key_type": "ECDSAP256SHA256",
    "modified_on": "2014-01-01T05:20:00Z",
    "public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
    "status": "active"
  }
}
```