Contents

Previous topic

Metadata

Next topic

Autoprimaries

This Page

  1. Docs
  2. Built-in Webserver and HTTP API
  3. TSIGKeys

TSIGKeys

New in version 4.2.0.

TSIGKeys can be manipulated via the API.

TSIGKey Endpoints

GET /servers/{server_id}/tsigkeys

Get all TSIGKeys on the server, except the actual key

Parameters:
  • server_id (string) – The id of the server
Status Codes:
POST /servers/{server_id}/tsigkeys

Add a TSIG key

This methods add a new TSIGKey. The actual key can be generated by the server or be provided by the client

Parameters:
  • server_id (string) – The id of the server
Status Codes:
GET /servers/{server_id}/tsigkeys/{tsigkey_id}

Get a specific TSIGKeys on the server, including the actual key

Parameters:
  • server_id (string) – The id of the server to retrieve the key from
  • tsigkey_id (string) – The id of the TSIGkey. Should match the “id” field in the TSIGKey object
Status Codes:
PUT /servers/{server_id}/tsigkeys/{tsigkey_id}
The TSIGKey at tsigkey_id can be changed in multiple ways:
  • Changing the Name, this will remove the key with tsigkey_id after adding.
  • Changing the Algorithm
  • Changing the Key

Only the relevant fields have to be provided in the request body.

Parameters:
  • server_id (string) – The id of the server to retrieve the key from
  • tsigkey_id (string) – The id of the TSIGkey. Should match the “id” field in the TSIGKey object
Status Codes:
DELETE /servers/{server_id}/tsigkeys/{tsigkey_id}

Delete the TSIGKey with tsigkey_id

Parameters:
  • server_id (string) – The id of the server to retrieve the key from
  • tsigkey_id (string) – The id of the TSIGkey. Should match the “id” field in the TSIGKey object
Status Codes:

Objects

TSIGKey

A TSIG key that can be used to authenticate NOTIFY, AXFR, and DNSUPDATE queries.

Object Properties:
 
  • name (string) – The name of the key
  • id (string) – The ID for this key, used in the TSIGkey URL endpoint.
  • algorithm (string) – The algorithm of the TSIG key
  • key (string) – The Base64 encoded secret key, empty when listing keys. MAY be empty when POSTing to have the server generate the key material
  • type (string) – Set to “TSIGKey”

Examples

Generating a new TSIG key

POST /servers/localhost/tsigkeys HTTP/1.1
X-Api-Key: secret
Content-Type: application/json

{"name": "mytsigkey", "algorithm": "hmac-sha256"}

Will yield a response similar to this (several headers omitted):

HTTP/1.1 201 Created
Content-Type: application/json

{"algorithm": "hmac-sha256", "id": "mytsigkey.", "key": "ayZmdUpT5xh7H21p3UUHJWZgF2F2jNncqx5SQkRIWbqReuwieiVBG8jtEieb/njCbjrLtQkjVsgoiKCtsqNsdQ==", "name": "mytsigkey", "type": "TSIGKey"}

Modifying the key material

PUT /servers/localhost/tsigkeys/mytsigkey. HTTP/1.1
X-Api-Key: secret
Content-Type: application/json

{"name": "mytsigkey", "key": "GQNyFy1QagMUarHmiSgsIJajghdTGJGVcN5TRVwgbclzxGyhQR1uYLCOyJ/uj9uj12jyeLwzJuW12wCI9PYv7Q=="}

HTTP/1.1 200 Ok
Content-Type: application/json

{"algorithm": "hmac-sha256", "id": "mytsigkey.", "key": "GQNyFy1QagMUarHmiSgsIJajghdTGJGVcN5TRVwgbclzxGyhQR1uYLCOyJ/uj9uj12jyeLwzJuW12wCI9PYv7Q==", "name": "mytsigkey", "type": "TSIGKey"}
Metadata
Autoprimaries
© Copyright PowerDNS.COM BV. Created using Sphinx.