Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

API & Integration, DevOps,NetOps,SecOps

Reply

How to fill the dnssec_negative_trust_anchors array using curl ?

[ Edited ]
Authority
Posts: 14
3989     0

Hi,

 

can anyone tell me how to fill the list of the negative trust anchors for DNSSEC validation within a specific DNS view usind WAPI and curl ?

When I do a Get for the schema of the specific DNS view I see that it is an array:

 

{
"is_array": true,
"name": "dnssec_negative_trust_anchors",
"standard_field": false,
"supports": "rwu",
"type": [
"string"
]
}

 

How can I fill this array ?

 

When I put one forwarder in there lets say test.nl how do I list this using WAPI ? There is no documentation or examples about this.

I tried the following:

curl -k1 -u admin:infoblox -H "Content-Type: application/json" -X GET https://x.x.x.x/wapi/v2.7.1/view/ZG5zLnZpZXckLjE:MyView/false?dnssec_negative_trust_anchors

 

But this will only give me this:

 

{
"_ref": "view/ZG5zLnZpZXckLjE:MyView/false",
"is_default": false,
"name": "MyView"
}

 

I can't see the forwarder in the list that I put in there via the GUI.

 

I have a big list of forwarders that I need to add to the list of negative trust anchors before we are going to enable DNSSEC validation. And I'm not planning to this by hand as this will take some days.

 

Any help would be welcome.

 

Kind regards,

 

Stefan

Re: How to fill the dnssec_negative_trust_anchors array using curl ?

Authority
Posts: 14
3989     0

Ok so far I have managed to get the value in the list of negative trust anchors by using the command:

 

curl -k1 -u admin:infoblox -H "Content-Type: applicatin/json" -X GET https://x.x.x.x/wapi/v2.7.1/view/ZG5zLnZpZXckLjE:MyView/false?_return_fields=dnssec_negative_trust_a...

 

OUTPUT:

{
"_ref": "view/ZG5zLnZpZXckLjE:MyView/false",
"dnssec_negative_trust_anchors": [
"test.nl"
]

 

So next is how do I add a value in there ?

Re: How to fill the dnssec_negative_trust_anchors array using curl ?

Authority
Posts: 14
3989     0

I have managed to figure it out !! Smiley Happy

For those who are interested here is the final url which adds a list to the negative trusted anchors.

It overwrites any existing values so be sure to add the existing values in there as well.

 

curl -k1 -u admin:infoblox -H "Content-Type: application/json" -X PUT 'https://x.x.x.x/wapi/v2.7.1/view/ZG5zLnZpZXckLjE:MyView' -d '{"dnssec_negative_trust_anchors": ["hello.corp", "foo.bar", "anotherone.okay"]}'

 

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You