Are you talking about rfc 5011 support ? or some other kind of management ?

I need such a script too -> Automated Updates of DNS Security (DNSSEC) Trust Anchors is that possible?

Hi,

This can be accomplished with a REST API call.

Below is a sample call

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

 Below is a sample output.

5	
_ref	"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default"
dnssec_key_params	
enable_ksk_auto_rollover	false
ksk_algorithms	[]
ksk_email_notification_enabled	false
ksk_rollover	31536000
ksk_rollover_notification_config	"REQUIRE_MANUAL_INTERVENTION"
ksk_snmp_notification_enabled	true
next_secure_type	"NSEC3"
nsec3_iterations	10
nsec3_salt_max_length	15
nsec3_salt_min_length	1
signature_expiration	345600
zsk_algorithms	[]
zsk_rollover	2592000
zsk_rollover_mechanism	"PRE_PUBLISH"
dnssec_ksk_rollover_date	1574544459
dnssec_zsk_rollover_date	1545600459
fqdn	"test.com"
is_dnssec_signed	true

You can specify individual zones in the calls to fine tune the results like below.

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?fqdn=test.com&_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

Please note that the dates are returned in epoch time format.

Regards,

Sandeep