How to activate DNSSEC

Domain Name System Security Extensions (DNSSEC) provide an extra layer of security to verify the authenticity and integrity of an IP address response. Azion provides DNSSEC compatibility as long as your top-level domain (TLD) registry supports it and your zone is configured with DNSSEC-related resource records on Edge DNS.

Activate DNSSEC via API

DNSSEC activation is available via Azion API:

  1. Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token to retrieve your <hosted_zone_id>:
Terminal window
curl --location 'https://api.azionapi.net/intelligent_dns' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Accept: application/json; version=3'
  1. You’ll receive a response similar to this:
{
  "count": 1,
  "links": {
    "previous": null,
    "next": null
  },
  "total_pages": 1,
  "results": [
    {
      "domain": "youdomain.com",
      "is_active": true,
      "name": "A hosted zone",
      "id": 1234
    }
  ],
  "schema_version": 3
}
  1. Copy the <id> value of the specific zone in which you want to activate DNSSEC. In this example, it’s 1234.
  2. Run the following PATCH request in your terminal, replacing [TOKEN VALUE] with your personal token:
Terminal window
curl --location --request PATCH 'https://api.azionapi.net/intelligent_dns/hosted_zone_id/dnssec' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
    "is_enabled": true
}'
  1. You’ll receive a response similar to this:
{
  "results": {
    "is_enabled": true,
    "status": "waiting"
  },
  "schema_version": 3
}

Now, DNSSEC is active in the Edge DNS zone you specified.

Contributors