Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Register Now

API & Integration

Reply

Script to supervise DNSSEC for infoblox
melaichi
melaichi
Techie
Posts: 1

‎04-29-2016 04:42 AM

4646     0

Hi,

  I need a script to supervise the DNSSec service (key validity, key expiration for each kind of key zsk, ksk

 

Best regards

Reply
0 Kudos

Re: Script to supervise DNSSEC for infoblox
GHorne
GHorne Community Manager
Community Manager
Posts: 248

‎05-09-2016 09:22 AM

4646     0

Are you talking about rfc 5011 support ? or some other kind of management ?

Reply
0 Kudos

Re: Script to supervise DNSSEC for infoblox
Timelord
Timelord
Techie
Posts: 6

‎06-22-2016 10:51 PM

4646     0

I need such a script too -> Automated Updates of DNS Security (DNSSEC) Trust Anchors is that possible?

 

 

Reply
0 Kudos
Highlighted

Re: Script to supervise DNSSEC for infoblox
SRenjith
Adviser
Posts: 69

‎12-03-2018 05:59 AM

4646     0

Hi,

 

This can be accomplished with a REST API call.

 

Below is a sample call

 

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

 Below is a sample output.

 

5	
_ref	"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default"
dnssec_key_params	
enable_ksk_auto_rollover	false
ksk_algorithms	[]
ksk_email_notification_enabled	false
ksk_rollover	31536000
ksk_rollover_notification_config	"REQUIRE_MANUAL_INTERVENTION"
ksk_snmp_notification_enabled	true
next_secure_type	"NSEC3"
nsec3_iterations	10
nsec3_salt_max_length	15
nsec3_salt_min_length	1
signature_expiration	345600
zsk_algorithms	[]
zsk_rollover	2592000
zsk_rollover_mechanism	"PRE_PUBLISH"
dnssec_ksk_rollover_date	1574544459
dnssec_zsk_rollover_date	1545600459
fqdn	"test.com"
is_dnssec_signed	true

 

You can specify individual zones in the calls to fine tune the results like below.

 

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?fqdn=test.com&_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

Please note that the dates are returned in epoch time format.

 

 

Regards,

Sandeep

Reply
0 Kudos
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Do you mean 

Recommended for You

Latest Annoucements

Infolbox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community