4.5.3.2.1. DNSSECKey

class dyn.tm.services.dnssec.DNSSECKey(key_type, algorithm, bits, start_ts=None, lifetime=None, overlap=None, expire_ts=None, **kwargs)[source]

A Key used by the DNSSEC service

__init__(key_type, algorithm, bits, start_ts=None, lifetime=None, overlap=None, expire_ts=None, **kwargs)[source]

Create a DNSSECKey object

Parameters:
  • key_type – The type of this key. (KSK or ZSK)
  • algorithm – One of (RSA/SHA-1, RSA/SHA-256, RSA/SHA-512, DSA, ECDSAP256SHA256, ECDSAP384SHA384)
  • bits – length of the key. Valid values: 256, 384, 1024, 2048, or 4096
  • start_ts – An epoch time when key is to be valid
  • lifetime – Lifetime of the key expressed in seconds
  • overlap – Time before key expiration when a replacement key is prepared, expressed in seconds. Default = 7 days.
  • expire_ts – An epoch time when this key is to expire
  • dnskey – The KSK or ZSK record data
  • ds – One of the DS records for the KSK. ZSKs will have this value intialized, but with null values.
  • all_ds – All the DS records associated with this KSK. Applies only to KSK, ZSK will have a zero-length list.

4.5.3.2.2. DNSSEC

class dyn.tm.services.dnssec.DNSSEC(zone, *args, **kwargs)[source]

A DynECT System DNSSEC Service

__init__(zone, *args, **kwargs)[source]

Create a DNSSEC object

Parameters:
  • zone – the zone this service will be attached to
  • keys – a list of DNSSECKey’s for the service
  • contact_nickname – Name of contact to receive notifications
  • notify_events – A list of events that trigger notifications. Valid values are “create” (a new version of a key was created), “expire” (a key was automatically expired), or “warning” (early warnings (2 weeks, 1 week, 1 day) of events)
activate()[source]

Activate this DNSSEC service

active

The current status of this DNSSEC service. When setting directly, rather than using activate/deactivate valid arguments are ‘Y’ or True to activate, or ‘N’ or False to deactivate. Note: If your service is already active and you try to activate it, nothing will happen. And vice versa for deactivation.

Returns:An Active object representing the current state of this DNSSEC Service
contact_nickname

Name of contact to receive notifications

deactivate()[source]

Deactivate this DNSSEC service

delete()[source]

Delete this DNSSEC Service from the DynECT System

keys

A List of DNSSECKey’s associated with this DNSSEC service

notify_events

A list of events that trigger notifications. Valid values are: create (a new version of a key was created), expire (a key was automatically expired), warning (early warnings (2 weeks, 1 week, 1 day) of events)

timeline_report(start_ts=None, end_ts=None)[source]

Generates a report of events this DNSSEC service has performed and has scheduled to perform

Parameters:
  • start_ts – datetime.datetime instance identifying point in time for the start of the timeline report
  • end_ts – datetime.datetime instance identifying point in time for the end of the timeline report. Defaults to datetime.datetime.now()
zone

The name of the zone where this service exists. This is a read-only property

4.5.3.2.2.1. DNSSEC Examples

The following examples highlight how to use the DNSSEC class to get/create DNSSEC’s on the dyn.tm System and how to edit these objects from within a Python script.

4.5.3.2.2.1.1. Creating a new DNSSEC Service

The following example shows how to create a new DNSSEC on the dyn.tm System and how to edit some of the fields using the returned DNSSEC object.

>>> from dyn.tm.services.dnssec import DNSSECKey, DNSSEC
>>> # Create a dyn.tmSession
>>> key1 = DNSSECKey('KSK', 'RSA/SHA-1', 1024)
>>> key2 = DNSSECKey('ZSK', 'RSA/SHA-1', 2048)
>>> # Assuming you own the zone 'example.com'
>>> dnssec = DNSSEC('example.com', [key1, key2], 'mycontactnickname')
>>> dnssec.deactivate()
>>> dnssec.active
u'N'

4.5.3.2.2.1.2. Getting an Existing DNSSEC Service

The following example shows how to get an existing DNSSEC from the dyn.tm System and how to edit some of the same fields mentioned above.

>>> from dyn.tm.services.dnssec import DNSSEC
>>> # Create a dyn.tmSession
>>> # Once again, assuming you own 'example.com'
>>> dnssec = DNSSEC('example.com', [key1, key2], 'mycontactnickname')
>>> if dnssec.active == 'N':
...     dnssec.activate()
>>> from pprint import pprint
>>> pprint(dnssec.timeline_report())
{}

4.5.3.2.2.1.3. Managing Your DNSSEC Keys

The following example shows how to manage an existing DNSSEC services DNSSECKey’s.

>>> from dyn.tm.services.dnssec import DNSSEC
>>> dnssec = DNSSEC('example.com')
>>> dnssec.keys
[<__main__.DNSSECKey object at 0x10ca84550>, <__main__.DNSSECKey object at 0x10ca84590>]
>>> new_key = DNSSECKey('ZSK', 'RSA/SHA-1', 1024)
>>> # You must always have two keys, so we add a new one first
>>> dnssec.keys.append(new_key)
>>> # Now that we have two keys we can delete an onld KSK we don't want
>>> for index, key in enumerate(dnssec.keys):
...     if key.key_type == 'KSK' and key.bits == 1024:
...         del dnssec.keys[index]
...         break
>>> dnssec.keys
[<__main__.DNSSECKey object at 0x10ca84590>, <__main__.DNSSECKey object at 0x10ca78b50>]