4.5.3.2.1. DNSSECKey¶
-
class
dyn.tm.services.dnssec.
DNSSECKey
(key_type, algorithm, bits, start_ts=None, lifetime=None, overlap=None, expire_ts=None, **kwargs)[source]¶ A Key used by the DNSSEC service
-
__init__
(key_type, algorithm, bits, start_ts=None, lifetime=None, overlap=None, expire_ts=None, **kwargs)[source]¶ Create a
DNSSECKey
objectParameters: - key_type – The type of this key. (KSK or ZSK)
- algorithm – One of (RSA/SHA-1, RSA/SHA-256, RSA/SHA-512, DSA)
- bits – length of the key. Valid values: 1024, 2048, or 4096
- start_ts – An epoch time when key is to be valid
- lifetime – Lifetime of the key expressed in seconds
- overlap – Time before key expiration when a replacement key is prepared, expressed in seconds. Default = 7 days.
- expire_ts – An epoch time when this key is to expire
-
4.5.3.2.2. DNSSEC¶
-
class
dyn.tm.services.dnssec.
DNSSEC
(zone, *args, **kwargs)[source]¶ A DynECT System DNSSEC Service
-
__init__
(zone, *args, **kwargs)[source]¶ Create a
DNSSEC
objectParameters: - zone – the zone this service will be attached to
- keys – a list of
DNSSECKey
‘s for the service - contact_nickname – Name of contact to receive notifications
- notify_events – A
list
of events that trigger notifications. Valid values are “create” (a new version of a key was created), “expire” (a key was automatically expired), or “warning” (early warnings (2 weeks, 1 week, 1 day) of events)
-
active
¶ The current status of this
DNSSEC
service. When setting directly, rather than using activate/deactivate valid arguments are ‘Y’ or True to activate, or ‘N’ or False to deactivate. Note: If your service is already active and you try to activate it, nothing will happen. And vice versa for deactivation.Returns: An Active
object representing the current state of thisDNSSEC
Service
-
contact_nickname
¶ Name of contact to receive notifications
-
keys
¶ A List of
DNSSECKey
‘s associated with thisDNSSEC
service
-
notify_events
¶ A list of events that trigger notifications. Valid values are: create (a new version of a key was created), expire (a key was automatically expired), warning (early warnings (2 weeks, 1 week, 1 day) of events)
-
timeline_report
(start_ts=None, end_ts=None)[source]¶ Generates a report of events this
DNSSEC
service has performed and has scheduled to performParameters: - start_ts – datetime.datetime instance identifying point in time for the start of the timeline report
- end_ts – datetime.datetime instance identifying point in time for the end of the timeline report. Defaults to datetime.datetime.now()
-
zone
¶ The name of the zone where this service exists. This is a read-only property
-
4.5.3.2.2.1. DNSSEC Examples¶
The following examples highlight how to use the DNSSEC
class to
get/create DNSSEC
‘s on the dyn.tm System and how to edit these
objects from within a Python script.
4.5.3.2.2.1.1. Creating a new DNSSEC Service¶
The following example shows how to create a new DNSSEC
on the
dyn.tm System and how to edit some of the fields using the returned
DNSSEC
object.
>>> from dyn.tm.services.dnssec import DNSSECKey, DNSSEC
>>> # Create a dyn.tmSession
>>> key1 = DNSSECKey('KSK', 'RSA/SHA-1', 1024)
>>> key2 = DNSSECKey('ZSK', 'RSA/SHA-1', 2048)
>>> # Assuming you own the zone 'example.com'
>>> dnssec = DNSSEC('example.com', [key1, key2], 'mycontactnickname')
>>> dnssec.deactivate()
>>> dnssec.active
u'N'
4.5.3.2.2.1.2. Getting an Existing DNSSEC Service¶
The following example shows how to get an existing DNSSEC
from
the dyn.tm System and how to edit some of the same fields mentioned above.
>>> from dyn.tm.services.dnssec import DNSSEC
>>> # Create a dyn.tmSession
>>> # Once again, assuming you own 'example.com'
>>> dnssec = DNSSEC('example.com', [key1, key2], 'mycontactnickname')
>>> if dnssec.active == 'N':
... dnssec.activate()
>>> from pprint import pprint
>>> pprint(dnssec.timeline_report())
{}
4.5.3.2.2.1.3. Managing Your DNSSEC Keys¶
The following example shows how to manage an existing DNSSEC
services
DNSSECKey
‘s.
>>> from dyn.tm.services.dnssec import DNSSEC
>>> dnssec = DNSSEC('example.com')
>>> dnssec.keys
[<__main__.DNSSECKey object at 0x10ca84550>, <__main__.DNSSECKey object at 0x10ca84590>]
>>> new_key = DNSSECKey('ZSK', 'RSA/SHA-1', 1024)
>>> # You must always have two keys, so we add a new one first
>>> dnssec.keys.append(new_key)
>>> # Now that we have two keys we can delete an onld KSK we don't want
>>> for index, key in enumerate(dnssec.keys):
... if key.key_type == 'KSK' and key.bits == 1024:
... del dnssec.keys[index]
... break
>>> dnssec.keys
[<__main__.DNSSECKey object at 0x10ca84590>, <__main__.DNSSECKey object at 0x10ca78b50>]