3.5. Keysets
A keyset contains information which represents a set of DNSSEC keys.
Namespace: http://www.nic.cz/xml/epp/keyset-1.3
Schema: keyset-1.3.4.xsd
Note
DNSSEC keys mapping is partially based on the standard RFC 5910 but implemented with the following modifications:
keys are grouped in a set that is identified by a handle,
a standalone object instead of just a domain extension,
custom element structure for DNSSEC key representation,
association with technical contacts.
3.5.1. Object attributes
In addition to the common attributes, keysets also have the following attributes:
id
The keyset handle. See Handles of contacts, nssets and keysets.
dnskey
The 1–10 DNSSEC key(s), consisting of:
flags
Flags. Allowed values are: 0, 256, 257.
protocol
Protocol. The only allowed value is 3.
alg
Algorithm number defined by IANA, see DNS Security Algorithm Numbers.
The FRED EPP server does not allow the use of 0, 1, 2 and 252 by default. This can be customized in the blacklist table dnssec_algorithm_blacklist (db: fred, schema: public).
pubKey
Public key as keyset:keyT.
Note
A DNSSEC key corresponds to a DNSKEY Resource Record, see RFC 4034#section-2.
tech
The handle(s) of 1–10 technical contact(s).
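A client-side pre-submission check of the constraints listed above, as an added example that is not part of the FRED documentation or code. It assumes the attributes map to same-named elements in the keyset namespace and that pubKey is Base64 text, and it uses a constructed keyset:create wrapper with placeholder handle and key bytes; the key tag calculation follows RFC 4034 Appendix B and goes beyond what this page specifies.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"keyset": "http://www.nic.cz/xml/epp/keyset-1.3"}  # namespace from this page
ALLOWED_FLAGS = {0, 256, 257}
DEFAULT_ALG_BLACKLIST = {0, 1, 2, 252}  # server default; a registry may change it

# Constructed sample: wrapper element, handle and key bytes are placeholders.
SAMPLE = """<keyset:create xmlns:keyset="http://www.nic.cz/xml/epp/keyset-1.3">
  <keyset:dnskey><keyset:flags>257</keyset:flags><keyset:protocol>3</keyset:protocol>
    <keyset:alg>13</keyset:alg><keyset:pubKey>AQIDBAUGBwg=</keyset:pubKey></keyset:dnskey>
  <keyset:dnskey><keyset:flags>255</keyset:flags><keyset:protocol>3</keyset:protocol>
    <keyset:alg>1</keyset:alg><keyset:pubKey>AQID</keyset:pubKey></keyset:dnskey>
  <keyset:tech>CID-EXAMPLE</keyset:tech>
</keyset:create>"""


def key_tag(flags, protocol, alg, pubkey):
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B (not defined for alg 1)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, alg]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF


def check_keyset(xml_text, alg_blacklist=DEFAULT_ALG_BLACKLIST):
    """Return (errors, key_tags_of_valid_keys) for one keyset element."""
    root = ET.fromstring(xml_text)
    errors, tags = [], []
    for name in ("dnskey", "tech"):  # both lists hold 1-10 entries
        count = len(root.findall(f"keyset:{name}", NS))
        if not 1 <= count <= 10:
            errors.append(f"{name} count {count} not in 1-10")
    for n, key in enumerate(root.findall("keyset:dnskey", NS), 1):
        get = lambda f: "".join(key.findtext(f"keyset:{f}", "", NS).split())
        try:
            flags, proto, alg = int(get("flags")), int(get("protocol")), int(get("alg"))
            pub = base64.b64decode(get("pubKey"), validate=True)
        except ValueError:  # also covers binascii.Error from bad Base64
            errors.append(f"dnskey {n}: missing or malformed field")
            continue
        checks = [(flags in ALLOWED_FLAGS, f"flags {flags}"), (proto == 3, f"protocol {proto}"),
                  (0 <= alg <= 255 and alg not in alg_blacklist, f"alg {alg}"),
                  (len(pub) > 0, "empty pubKey")]
        problems = [f"dnskey {n}: {what} not allowed" for ok, what in checks if not ok]
        errors += problems
        if not problems:  # only tag keys the server would accept by default
            tags.append(key_tag(flags, proto, alg, pub))
    return errors, tags
```

Pass the contents of a deployment's dnssec_algorithm_blacklist table as alg_blacklist when it differs from the default.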
3.5.2. Object states
A keyset can have one or more of the following statuses:
ok – no other states are set
linked – the keyset has relation to other records in the Registry
serverDeleteProhibited – deletion of the keyset is forbidden
serverTransferProhibited – transfer of the keyset is forbidden
serverUpdateProhibited – update of the keyset is forbidden
deleteCandidate – the keyset is scheduled for deletion
3.5.3. Command-response mapping
For command-response mapping see a specific command syntax description: