fergalmoran/DnsServer
1
0
Fork 0
mirror of https://github.com/fergalmoran/DnsServer.git synced 2025-12-22 09:29:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

updated APIDOCS

Browse Source
This commit is contained in:
Shreyas Zare
2022-02-20 17:22:48 +05:30
parent ac283de597
commit 042a88918f
1 changed files with 302 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

327
APIDOCS.md
View File

@@ -1775,7 +1775,7 @@ RESPONSE:
List all authoritative zones hosted on this DNS server.
URL:
`http://localhost:5380/api/listZones?token=x`
`http://localhost:5380/api/zone/list?token=x`
WHERE:
- `token`: The session token generated by the `login` call.
@@ -1785,39 +1785,54 @@ RESPONSE:
{
"response": {
"zones": [
{
"name": "",
"type": "Secondary",
"dnssecStatus": "SignedWithNSEC",
"expiry": "2022-02-26T07:57:08.1842183Z",
"isExpired": false,
"disabled": false
},
{
"name": "0.in-addr.arpa",
"type": "Primary",
"internal": true,
"dnssecStatus": "Unsigned",
"disabled": false
},
{
"name": "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa",
"type": "Primary",
"internal": true,
"dnssecStatus": "Unsigned",
"disabled": false
},
{
"name": "127.in-addr.arpa",
"type": "Primary",
"internal": true,
"dnssecStatus": "Unsigned",
"disabled": false
},
{
"name": "255.in-addr.arpa",
"type": "Primary",
"internal": true,
"dnssecStatus": "Unsigned",
"disabled": false
},
{
"name": "example.com",
"type": "Primary",
"internal": false,
"dnssecStatus": "SignedWithNSEC",
"disabled": false
},
{
"name": "localhost",
"type": "Primary",
"internal": true,
"disabled": false
},
{
"name": "example.com",
"type": "Primary",
"dnssecStatus": "Unsigned",
"disabled": false
}
]
@@ -1831,11 +1846,11 @@ RESPONSE:
Creates a new authoritative zone.
URL:
`http://localhost:5380/api/createZone?token=x&domain=example.com&type=Primary`
`http://localhost:5380/api/zone/create?token=x&zone=example.com&type=Primary`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name for creating new zone. The value can be valid domain name, an IP address, or an network address in CIDR format. When value is IP address or network address, a reverse zone is created.
- `zone`: The domain name for creating the new zone. The value can be valid domain name, an IP address, or an network address in CIDR format. When value is IP address or network address, a reverse zone is created.
- `type`: The type of zone to be created. Valid values are [`primary`, `secondary`, `stub`, `forwarder`].
- `primaryNameServerAddresses` (optional): List of comma separated IP addresses of the primary name server. This optional parameter is used only with Secondary and Stub zones. If this parameter is not used, the DNS server will try to recursively resolve the primary name server addresses automatically.
- `zoneTransferProtocol` (optional): The zone transfer protocol to be used by secondary zones. Valid values are [`tcp`, `tls`].
@@ -1862,16 +1877,278 @@ RESPONSE:
WHERE:
- `domain`: Will contain the zone that was created. This is specifically useful to know the reverse zone that was created.
### Sign Zone
Signs the primary zone (DNSSEC).
URL:
`http://localhost:5380/api/zone/dnssec/sign?token=x&zone=example.com&algorithm=ECDSA&dnsKeyTtl=86400&nxProof=NSEC3&iterations=0&saltLength=0&curve=P256`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `algorithm`: The algorithm to be used for signing. Valid values are [`RSA`, `ECDSA`].
- `hashAlgorithm` (optional): The hash algorithm to be used when using `RSA` algorithm. Valid values are [`MD5`, `SHA1, `SHA256`, `SHA512`]. This optional parameter is required when using `RSA` algorithm.
- `kskKeySize` (optional): The size of the Key Signing Key (KSK) in bits to be used when using `RSA` algorithm. This optional parameter is required when using `RSA` algorithm.
- `zskKeySize` (optional): The size of the Zone Signing Key (ZSK) in bits to be used when using `RSA` algorithm. This optional parameter is required when using `RSA` algorithm.
- `curve` (optional): The name of the curve to be used when using `ECDSA` algorithm. Valid values are [`P256`, `P384`]. This optional parameter is required when using `ECDSA` algorithm.
- `dnsKeyTtl` (optional): The TTL value to be used for DNSKEY records. Default value is `86400` when not specified.
- `nxProof` (optional): The type of proof of non-existence that must be used for signing the zone. Valid values are [`NSEC`, `NSEC3`]. Default value is `NSEC` when not specified.
- `iterations` (optional): The number of iterations to use for hashing in NSEC3. This optional parameter is only applicable when using `NSEC3` as the `nxProof`. Default value is `0` when not specified.
- `saltLength` (optional): The length of salt in bytes to use for hashing in NSEC3. This optional parameter is only applicable when using `NSEC3` as the `nxProof`. Default value is `0` when not specified.
RESPONSE:
```
{
"status": "ok"
}
```
### Unsign Zone
Unsigns the primary zone (DNSSEC).
URL:
`http://localhost:5380/api/zone/dnssec/unsign?token=x&zone=example.com
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
RESPONSE:
```
{
"status": "ok"
}
```
### Get DNSSEC Properties
Get the DNSSEC properties for the primary zone.
URL:
`http://localhost:5380/api/zone/dnssec/getProperties?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
RESPONSE:
```
{
"response": {
"name": "example.com",
"type": "Primary",
"internal": false,
"disabled": false,
"dnssecStatus": "SignedWithNSEC",
"dnsKeyTtl": 86400,
"dnssecPrivateKeys": [
{
"keyTag": 19198,
"keyType": "KeySigningKey",
"algorithm": "ECDSAP256SHA256",
"state": "Ready",
"stateChangedOn": "2022-02-19T06:53:21Z",
"isRetiring": false
},
{
"keyTag": 50617,
"keyType": "ZoneSigningKey",
"algorithm": "ECDSAP256SHA256",
"state": "Active",
"stateChangedOn": "2022-02-19T06:53:21Z",
"isRetiring": false
}
]
},
"status": "ok"
}
```
### Convert To NSEC
Converts a primary zone from NSEC3 to NSEC for proof of non-existence.
URL:
`http://localhost:5380/api/zone/dnssec/convertToNSEC?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
RESPONSE:
```
{
"status": "ok"
}
```
### Convert To NSEC3
Converts a primary zone from NSEC to NSEC3 for proof of non-existence.
URL:
`http://localhost:5380/api/zone/dnssec/convertToNSEC3?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
RESPONSE:
```
{
"status": "ok"
}
```
### Update NSEC3 Parameters
Updates the iteration and salt length parameters for NSEC3.
URL:
`http://localhost:5380/api/zone/dnssec/updateNSEC3Params?token=x&zone=example.com&iterations=0&saltLength=0`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `iterations` (optional): The number of iterations to use for hashing. Default value is `0` when not specified.
- `saltLength` (optional): The length of salt in bytes to use for hashing. Default value is `0` when not specified.
RESPONSE:
```
{
"status": "ok"
}
```
### Update DNSKEY TTL
Updates the TTL value for DNSKEY resource record set. The value can be updated only when all the DNSKEYs are in ready or active state.
URL:
`http://localhost:5380/api/zone/dnssec/updateDnsKeyTtl?token=x&zone=example.com&ttl=86400`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `ttl`: The TTL value for the DNSKEY resource record set.
RESPONSE:
```
{
"status": "ok"
}
```
### Generate Private Key
Generates a private key to be used for signing the zone with DNSSEC.
URL:
`http://localhost:5380/api/zone/dnssec/generatePrivateKey?token=x&zone=example.com&keyType=KeySigningKey&algorithm=ECDSA&curve=P256`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `keyType`: The type of key for which the private key is to be generated. Valid values are [`KeySigningKey`, `ZoneSigningKey`].
- `algorithm`: The algorithm to be used for signing. Valid values are [`RSA`, `ECDSA`].
- `hashAlgorithm` (optional): The hash algorithm to be used when using `RSA` algorithm. Valid values are [`MD5`, `SHA1, `SHA256`, `SHA512`]. This optional parameter is required when using `RSA` algorithm.
- `keySize` (optional): The size of the generated private key in bits to be used when using `RSA` algorithm. This optional parameter is required when using `RSA` algorithm.
- `curve` (optional): The name of the curve to be used when using `ECDSA` algorithm. Valid values are [`P256`, `P384`]. This optional parameter is required when using `ECDSA` algorithm.
RESPONSE:
```
{
"status": "ok"
}
```
### Delete Private Key
Deletes a private key that has state set as `Generated`. Private keys with any other state cannot be delete.
URL:
`http://localhost:5380/api/zone/dnssec/deletePrivateKey?token=x&zone=example.com&keyTag=12345`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `keyTag`: The key tag of the private key to be deleted.
RESPONSE:
```
{
"status": "ok"
}
```
### Publish All Private Keys
Publishes all private keys that have state set as `Generated` by adding associated DNSKEY records for them. Once published, the keys will be automatically activated. For Key Signing Keys (KSK), once the state is set to `Ready` you can then safely replace the old DS record from the parent zone with a new DS key record for the KSK associated DNSKEY record. Once the new DS record is published at the parent zone, the DNS server will automatically detect and set the KSK state to `Active`.
URL:
`http://localhost:5380/api/zone/dnssec/publishAllPrivateKeys?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
RESPONSE:
```
{
"status": "ok"
}
```
### Rollover DNSKEY
Generates and publishes a new private key for the given key that has to be rolled over. The old private key and its associated DNSKEY record will be automatically retired and removed safely once the new key is active.
URL:
`http://localhost:5380/api/zone/dnssec/rolloverDnsKey?token=x&zone=example.com&keyTag=12345`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `keyTag`: The key tag of the private key to rollover.
RESPONSE:
```
{
"status": "ok"
}
```
### Retire DNSKEY
Retires the specified private key and its associated DNSKEY record and removes it safely. To retire an existing DNSKEY, there must be at least one active key available.
URL:
`http://localhost:5380/api/zone/dnssec/retireDnsKey?token=x&zone=example.com&keyTag=12345`
WHERE:
- `token`: The session token generated by the `login` call.
- `zone`: The name of the primary zone to sign.
- `keyTag`: The key tag of the private key to retire.
RESPONSE:
```
{
"status": "ok"
}
```
### Delete Zone
Deletes an authoritative zone.
URL:
`http://localhost:5380/api/deleteZone?token=x&domain=example.com`
`http://localhost:5380/api/zone/delete?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name of the zone to be deleted.
- `zone`: The domain name of the zone to be deleted.
RESPONSE:
```
@@ -1885,11 +2162,11 @@ RESPONSE:
Enables an authoritative zone.
URL:
`http://localhost:5380/api/enableZone?token=x&domain=example.com`
`http://localhost:5380/api/zone/enable?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name of the zone to be enabled.
- `zone`: The domain name of the zone to be enabled.
RESPONSE:
```
@@ -1903,11 +2180,11 @@ RESPONSE:
Disables an authoritative zone. This will prevent the DNS server from responding for queries to this zone.
URL:
`http://localhost:5380/api/disableZone?token=x&domain=example.com`
`http://localhost:5380/api/zone/disable?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name of the zone to be disabled.
- `zone`: The domain name of the zone to be disabled.
RESPONSE:
```
@@ -1921,11 +2198,11 @@ RESPONSE:
Gets the zone specific options.
URL:
`http://localhost:5380/api/zone/options/get?token=x&domain=example.com`
`http://localhost:5380/api/zone/options/get?token=x&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name of the zone to get options.
- `zone`: The domain name of the zone to get options.
RESPONSE:
```
@@ -1955,11 +2232,11 @@ RESPONSE:
Sets the zone specific options.
URL:
`http://localhost:5380/api/zone/options/set?token=x&domain=example.com&disabled=false&zoneTransfer=Allow&zoneTransferNameServers=&notify=ZoneNameServers&notifyNameServers=`
`http://localhost:5380/api/zone/options/set?token=x&zone=example.com&disabled=false&zoneTransfer=Allow&zoneTransferNameServers=&notify=ZoneNameServers&notifyNameServers=`
WHERE:
- `token`: The session token generated by the `login` call.
- `domain`: The domain name of the zone to set options.
- `zone`: The domain name of the zone to set options.
- `disabled` (optional): Sets if the zone is enabled or disabled.
- `zoneTransfer` (optional): Sets if the zone allows zone transfer. Valid options are [`Deny`, `Allow`, `AllowOnlyZoneNameServers`, `AllowOnlySpecifiedNameServers`].
- `zoneTransferNameServers` (optional): A list of comma separated IP addresses which should be allowed to perform zone transfer. This list is enabled only when `zoneTransfer` option is set to `AllowOnlySpecifiedNameServers`.
@@ -1979,7 +2256,7 @@ RESPONSE:
Adds an resource record for an authoritative zone.
URL:
`http://localhost:5380/api/addRecord?token=x&domain=example.com`
`http://localhost:5380/api/zone/addRecord?token=x&domain=example.com&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
@@ -2014,7 +2291,7 @@ RESPONSE:
Gets all records for a given authoritative zone.
URL:
`http://localhost:5380/api/getRecords?token=x&domain=example.com`
`http://localhost:5380/api/zone/getRecords?token=x&domain=example.com&zone=example.com`
WHERE:
- `token`: The session token generated by the `login` call.
@@ -2122,7 +2399,7 @@ RESPONSE:
Deletes a record from an authoritative zone.
URL:
`http://localhost:5380/api/deleteRecord?token=x&domain=example.com&type=A&value=127.0.0.1`
`http://localhost:5380/api/zone/deleteRecord?token=x&domain=example.com&zone=example.com&type=A&value=127.0.0.1`
WHERE:
- `token`: The session token generated by the `login` call.
@@ -2148,7 +2425,7 @@ RESPONSE:
Updates an existing record in an authoritative zone.
URL:
`http://localhost:5380/api/updateRecord?token=x&domain=mail.example.com&type=A&value=127.0.0.1&newValue=127.0.0.2&ptr=false`
`http://localhost:5380/api/zone/updateRecord?token=x&domain=mail.example.com&zone=example.com&type=A&value=127.0.0.1&newValue=127.0.0.2&ptr=false`
WHERE:
- `token`: The session token generated by the `login` call.
@@ -2963,9 +3240,9 @@ WHERE:
- `token`: The session token generated by the `login` call.
- `name`: The name of the DHCP scope.
- `newName` (optional): The new name of the DHCP scope to rename an existing scope.
- `startingAddress`: The starting IP address of the DHCP scope.
- `endingAddress`: The ending IP address of the DHCP scope.
- `subnetMask`: The subnet mask of the network.
- `startingAddress` (optional): The starting IP address of the DHCP scope. This parameter is required when creating a new scope.
- `endingAddress` (optional): The ending IP address of the DHCP scope. This parameter is required when creating a new scope.
- `subnetMask` (optional): The subnet mask of the network. This parameter is required when creating a new scope.
- `leaseTimeDays` (optional): The lease time in number of days.
- `leaseTimeHours` (optional): The lease time in number of hours.
- `leaseTimeMinutes` (optional): The lease time in number of minutes.