API & Integration

Reply
Highlighted

Script to supervise DNSSEC for infoblox

melaichi
Techie
Posts: 1
2338     0

Hi,

  I need a script to supervise the DNSSec service (key validity, key expiration for each kind of key zsk, ksk

 

Best regards

Re: Script to supervise DNSSEC for infoblox

GHorne Community Manager
Community Manager
Posts: 254
2339     0

Are you talking about rfc 5011 support ? or some other kind of management ?

Re: Script to supervise DNSSEC for infoblox

Timelord
Techie
Posts: 7
2339     0

I need such a script too -> Automated Updates of DNS Security (DNSSEC) Trust Anchors is that possible?

 

 

Re: Script to supervise DNSSEC for infoblox

Adviser
Posts: 70
2339     0

Hi,

 

This can be accomplished with a REST API call.

 

Below is a sample call

 

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

 Below is a sample output.

 

5	
_ref	"zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default"
dnssec_key_params	
enable_ksk_auto_rollover	false
ksk_algorithms	[]
ksk_email_notification_enabled	false
ksk_rollover	31536000
ksk_rollover_notification_config	"REQUIRE_MANUAL_INTERVENTION"
ksk_snmp_notification_enabled	true
next_secure_type	"NSEC3"
nsec3_iterations	10
nsec3_salt_max_length	15
nsec3_salt_min_length	1
signature_expiration	345600
zsk_algorithms	[]
zsk_rollover	2592000
zsk_rollover_mechanism	"PRE_PUBLISH"
dnssec_ksk_rollover_date	1574544459
dnssec_zsk_rollover_date	1545600459
fqdn	"test.com"
is_dnssec_signed	true

 

You can specify individual zones in the calls to fine tune the results like below.

 

https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?fqdn=test.com&_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty

Please note that the dates are returned in epoch time format.

 

 

Regards,

Sandeep

Showing results for 
Search instead for 
Do you mean 

Recommended for You