3.5. Keysets

A keyset contains information which represents a set of DNSSEC keys.

Namespace: http://www.nic.cz/xml/epp/keyset-1.3
Schema: keyset-1.3.4.xsd

Note

DNSSEC keys mapping is partially based on the standard RFC 5910 but implemented with the following modifications:

• keys are grouped in a set that is identified by a handle,

• a standalone object instead of just a domain extension,

• custom element structure for DNSSEC key representation,

• association with technical contacts.

3.5.1. Object attributes

In addition to the common attributes, keysets also have the following attributes:

id

The keyset handle. See Handles of contacts, nssets and keysets.

dnskey

The 1–10 DNSSEC key(s), consisting of:

flags

Flags. Allowed values are: 0, 256, 257.

protocol

Protocol. The only allowed value is 3.

alg

Algorithm number defined by IANA, see DNS Security Algorithm Numbers.

The FRED EPP server does not allow to use 0, 1, 2 and 252 by default. This can be customized in the blacklist table dnssec_algorithm_blacklist (db: fred, schema: public:)

pubKey

Public key as keyset:keyT.

Note

A DNSSEC key corresponds to a DNSKEY Resource Record, see RFC 4034#section-2.

tech

The handle(s) of 1–10 technical contact(s).

3.5.2. Object states

A keyset can have one or more of the following statuses:

• ok – no other states are set

• linked – the keyset has relation to other records in the Registry

• serverDeleteProhibited – deletion of the keyset is forbidden

• serverTransferProhibited – transfer of the keyset is forbidden

• serverUpdateProhibited – update of the keyset is forbidden

• deleteCandidate – the keyset is scheduled for deletion

3.5.3. Command-response mapping

For command-response mapping see a specific command syntax description:

• keyset:check

• keyset:create

• keyset:delete

• keyset:info

• keyset:transfer

• keyset:update

• keyset:sendAuthInfo