API Reference

DNS

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

DNSSEC

DNSSEC Details

dns.dnssec.get(DNSSECGetParams**kwargs) -> DNSSEC

GET/zones/{zone_id}/dnssec

Edit DNSSEC Status

dns.dnssec.edit(DNSSECEditParams**kwargs) -> DNSSEC

PATCH/zones/{zone_id}/dnssec

Delete DNSSEC records

dns.dnssec.delete(DNSSECDeleteParams**kwargs) -> DNSSECDeleteResponse

DELETE/zones/{zone_id}/dnssec

ModelsExpand Collapse

class DNSSEC: …

algorithm: Optional[str]

Algorithm key code.

digest: Optional[str]

Digest hash.

digest_algorithm: Optional[str]

Type of digest algorithm.

digest_type: Optional[str]

Coded type for digest algorithm.

dnssec_multi_signer: Optional[bool]

If true, multi-signer DNSSEC is enabled on the zone, allowing multiple providers to serve a DNSSEC-signed zone at the same time. This is required for DNSKEY records (except those automatically generated by Cloudflare) to be added to the zone.

See Multi-signer DNSSEC for details.

dnssec_presigned: Optional[bool]

If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without requiring Cloudflare to sign any records on the fly.

Note that this feature has some limitations. See Cloudflare as Secondary for details.

dnssec_use_nsec3: Optional[bool]

If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssec_presigned to true, this enables the use of NSEC3 records when transferring in from an external provider. If dnssec_presigned is instead set to false (default), NSEC3 records will be generated and signed at request time.

See DNSSEC with NSEC3 for details.

ds: Optional[str]

Full DS record.

flags: Optional[float]

Flag for DNSSEC record.

key_tag: Optional[float]

Code for key tag.

key_type: Optional[str]

Algorithm key type.

modified_on: Optional[datetime]

When DNSSEC was last modified.

formatdate-time

public_key: Optional[str]

Public key for DS record.

status: Optional[Literal["active", "pending", "disabled", 2 more]]

Status of DNSSEC, based on user-desired state and presence of necessary records.

One of the following:

"active"

"pending"

"disabled"

"pending-disabled"

"error"

str