Signing a domain name with DNSSEC is a two-step process:
1. Instruct the DNS system to sign the domain name. This creates the private and public keys and stores them in the DNS system. Signing is not immediate but runs as a background process, so you have to wait until it has finished before continuing.
2. Retrieve the public key from the DNS system and send it to the registry.
The examples below demonstrate this process. The first command instructs the DNS system to sign the domain name, i.e. to generate the key pair and sign the zone with it.
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<dns-ext:update xmlns:dns-ext="http://www.metaregistrar.com/epp/dns-ext-1.0">
<dns-ext:name>docu-test-case.nl</dns-ext:name>
<dns-ext:chg>
<dns-ext:signed>true</dns-ext:signed>
</dns-ext:chg>
</dns-ext:update>
</update>
</command>
</epp>
The system responds with result code 1001 (Command completed successfully; action pending): the request has been accepted, but the signing itself is carried out in the background.
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xmlns:contact="urn:ietf:params:xml:ns:contact-1.0" xmlns:host="urn:ietf:params:xml:ns:host-1.0" xmlns:dns-ext="http://www.metaregistrar.com/epp/dns-ext-1.0" xmlns:ext="http://www.metaregistrar.com/epp/ext-1.0" xmlns:command-ext="http://www.metaregistrar.com/epp/command-ext-1.0" xmlns:command-ext-domain="http://www.metaregistrar.com/epp/command-ext-domain-1.0" xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1" xmlns:rgp="urn:ietf:params:xml:ns:rgp-1.0">
<response>
<result code="1001">
<msg>Command completed successfully;sign pending</msg>
</result>
<trID>
<svTRID>MTR_605a9e2de77f72dd9a93236ab0b4b9d9593f3b6c67ff</svTRID>
</trID>
</response>
</epp>
After this, wait until the domain name has been signed (this takes at most about 5 minutes). Then retrieve the public key with a dns-ext:info command:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns='urn:ietf:params:xml:ns:epp-1.0' >
<command>
<info>
<dns-ext:info xmlns:dns-ext='http://www.metaregistrar.com/epp/dns-ext-1.0'>
<dns-ext:name>docu-test-case.nl</dns-ext:name>
</dns-ext:info>
</info>
<clTRID>ABC-12345</clTRID>
</command>
</epp>
The response contains the complete zone content, but the important parts are the keyData element, which is the DNSKEY record (flags 257 means a key-signing key with the SEP bit set, protocol is always 3, algorithm 13 is ECDSAP256SHA256, and pubKey is the base64-encoded public key), and the dsData element, which holds the DS record derived from that key (key tag, algorithm, digest type, where 1 is SHA-1, and the digest).
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xmlns:contact="urn:ietf:params:xml:ns:contact-1.0" xmlns:host="urn:ietf:params:xml:ns:host-1.0" xmlns:dns-ext="http://www.metaregistrar.com/epp/dns-ext-1.0" xmlns:ext="http://www.metaregistrar.com/epp/ext-1.0" xmlns:command-ext="http://www.metaregistrar.com/epp/command-ext-1.0" xmlns:command-ext-domain="http://www.metaregistrar.com/epp/command-ext-domain-1.0" xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1" xmlns:rgp="urn:ietf:params:xml:ns:rgp-1.0">
<response>
<result code="1000">
<msg>Command completed successfully</msg>
</result>
<resData>
<dns-ext:infData>
<dns-ext:name><![CDATA[docu-test-case.nl]]></dns-ext:name>
<dns-ext:content>
<dns-ext:name><![CDATA[docu-test-case.nl]]></dns-ext:name>
<dns-ext:content><![CDATA[ns1.docu-test-case.nl. hostmaster.docu-test-case.nl. 2017050802 10800 3600 604800 3600]]></dns-ext:content>
<dns-ext:type><![CDATA[SOA]]></dns-ext:type>
<dns-ext:ttl><![CDATA[3600]]></dns-ext:ttl>
<dns-ext:priority><![CDATA[]]></dns-ext:priority>
<dns-ext:disabled><![CDATA[false]]></dns-ext:disabled>
</dns-ext:content>
<dns-ext:content>
<dns-ext:name><![CDATA[docu-test-case.nl]]></dns-ext:name>
<dns-ext:content><![CDATA[127.0.0.1]]></dns-ext:content>
<dns-ext:type><![CDATA[A]]></dns-ext:type>
<dns-ext:ttl><![CDATA[3600]]></dns-ext:ttl>
<dns-ext:priority><![CDATA[]]></dns-ext:priority>
<dns-ext:disabled><![CDATA[false]]></dns-ext:disabled>
</dns-ext:content>
<dns-ext:keyData>
<dns-ext:flags><![CDATA[257]]></dns-ext:flags>
<dns-ext:protocol><![CDATA[3]]></dns-ext:protocol>
<dns-ext:alg><![CDATA[13]]></dns-ext:alg>
<dns-ext:pubKey><![CDATA[BIlMPw/ZKxBjstBbvZA/ENlOp71I2HxZL/ugXIkETgcABahwsOIOmRfoyZv0BhWoDNGXZ5N1D3SUFwq9+7HbqQ==]]></dns-ext:pubKey>
</dns-ext:keyData>
<dns-ext:dsData>
<dns-ext:keytag><![CDATA[48775]]></dns-ext:keytag>
<dns-ext:alg><![CDATA[13]]></dns-ext:alg>
<dns-ext:digestType><![CDATA[1]]></dns-ext:digestType>
<dns-ext:digest><![CDATA[3bb074a566a73d295c4c59acec2e4b92c24bff5e]]></dns-ext:digest>
</dns-ext:dsData>
</dns-ext:infData>
</resData>
<trID>
<svTRID>MTR_605a48eef46064b469445950dbd8b093e9b0d5d2b67e</svTRID>
</trID>
</response>
</epp>
This public key information (together with flags, protocol and algorithm) is then sent to the registry in question with a domain:update command that carries the secDNS-1.1 extension (RFC 5910). The registry derives the DS record from this keyData and publishes it in the parent zone, so the key tag and digest it publishes should match the dsData reported by dns-ext:info.
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<command>
<update>
<domain:update>
<domain:name>docu-test-case.nl</domain:name>
</domain:update>
</update>
<extension>
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:add>
<secDNS:keyData>
<secDNS:flags>257</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>13</secDNS:alg>
<secDNS:pubKey>BIlMPw/ZKxBjstBbvZA/ENlOp71I2HxZL/ugXIkETgcABahwsOIOmRfoyZv0BhWoDNGXZ5N1D3SUFwq9+7HbqQ==</secDNS:pubKey>
</secDNS:keyData>
</secDNS:add>
</secDNS:update>
</extension>
<clTRID>591071c376ac5</clTRID>
</command>
</epp>
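The procedure above, carried through end to end in a client-side script, as an added example that is not Metaregistrar code: it parses the keyData and dsData from the dns-ext:info response, recomputes the key tag (RFC 4034 Appendix B) and the DS digest locally and compares them with the dsData the DNS system reported, and only then builds the domain:update with the secDNS:add keyData shown above. It goes slightly beyond the page by also computing the SHA-256 DS (digest type 2), which RFC 8624 prefers over SHA-1 for new delegations. The embedded XML is a constructed, trimmed copy of the page's info response (CDATA wrappers and the SOA/A records dropped); all function names are this example's own.

```python
"""Check the DNSSEC key reported by dns-ext:info before forwarding it to the registry.

Added example, not Metaregistrar code. The XML below is a constructed, trimmed copy
of the dns-ext:info response on this page; the function names are this example's own.
"""
import base64
import hashlib
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"
SECDNS_NS = "urn:ietf:params:xml:ns:secDNS-1.1"
DNSEXT_NS = "http://www.metaregistrar.com/epp/dns-ext-1.0"

# Constructed sample: only the name, keyData and dsData part of the page's info response.
INFO_RESPONSE = f"""<epp xmlns="{EPP_NS}" xmlns:dns-ext="{DNSEXT_NS}">
<response><resData><dns-ext:infData>
<dns-ext:name>docu-test-case.nl</dns-ext:name>
<dns-ext:keyData>
<dns-ext:flags>257</dns-ext:flags>
<dns-ext:protocol>3</dns-ext:protocol>
<dns-ext:alg>13</dns-ext:alg>
<dns-ext:pubKey>BIlMPw/ZKxBjstBbvZA/ENlOp71I2HxZL/ugXIkETgcABahwsOIOmRfoyZv0BhWoDNGXZ5N1D3SUFwq9+7HbqQ==</dns-ext:pubKey>
</dns-ext:keyData>
<dns-ext:dsData>
<dns-ext:keytag>48775</dns-ext:keytag>
<dns-ext:alg>13</dns-ext:alg>
<dns-ext:digestType>1</dns-ext:digestType>
<dns-ext:digest>3bb074a566a73d295c4c59acec2e4b92c24bff5e</dns-ext:digest>
</dns-ext:dsData>
</dns-ext:infData></resData></response></epp>"""

# DS digest types (IANA registry); type 1 (SHA-1) is what the page's response reports.
DIGEST = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}


def parse_info(xml_text):
    """Pull the domain name, keyData and dsData out of a dns-ext:info response."""
    inf = ET.fromstring(xml_text).find(f".//{{{DNSEXT_NS}}}infData")
    text = lambda el, tag: el.find(f"{{{DNSEXT_NS}}}{tag}").text.strip()
    kd, ds = inf.find(f"{{{DNSEXT_NS}}}keyData"), inf.find(f"{{{DNSEXT_NS}}}dsData")
    return {
        "name": text(inf, "name"),
        "flags": int(text(kd, "flags")), "protocol": int(text(kd, "protocol")),
        "alg": int(text(kd, "alg")), "pubKey": text(kd, "pubKey"),
        "keytag": int(text(ds, "keytag")), "digestType": int(text(ds, "digestType")),
        "digest": text(ds, "digest").lower(),
    }


def dnskey_rdata(flags, protocol, alg, pubkey_b64):
    """DNSKEY RDATA in wire format (RFC 4034 section 2.1): flags, protocol, alg, key."""
    return struct.pack("!HBB", flags, protocol, alg) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B): 16-bit word sum with carry."""
    ac = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def owner_wire(name):
    """Canonical wire-format owner name: length-prefixed lowercase labels plus root byte."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def verify(info):
    """Recompute key tag and DS digest locally and compare with the reported dsData."""
    rdata = dnskey_rdata(info["flags"], info["protocol"], info["alg"], info["pubKey"])
    wire = owner_wire(info["name"]) + rdata  # DS digest input: owner name + DNSKEY RDATA
    tag = key_tag(rdata)
    digest = DIGEST[info["digestType"]](wire).hexdigest()
    return {
        "keytag": tag, "keytag_ok": tag == info["keytag"],
        "digest": digest, "digest_ok": digest == info["digest"],
        "ds_sha256": hashlib.sha256(wire).hexdigest(),  # digest type 2, preferred by RFC 8624
        "is_ksk": bool(info["flags"] & 1),  # SEP bit set: flags 257 = ZONE (256) + SEP (1)
    }


def build_secdns_update(info, cltrid):
    """domain:update with a secDNS-1.1 keyData add, shaped like the one on this page."""
    ET.register_namespace("domain", DOMAIN_NS)
    ET.register_namespace("secDNS", SECDNS_NS)
    epp = ET.Element(f"{{{EPP_NS}}}epp")
    command = ET.SubElement(epp, f"{{{EPP_NS}}}command")
    update = ET.SubElement(command, f"{{{EPP_NS}}}update")
    dom = ET.SubElement(update, f"{{{DOMAIN_NS}}}update")
    ET.SubElement(dom, f"{{{DOMAIN_NS}}}name").text = info["name"]
    ext = ET.SubElement(command, f"{{{EPP_NS}}}extension")
    add = ET.SubElement(ET.SubElement(ext, f"{{{SECDNS_NS}}}update"), f"{{{SECDNS_NS}}}add")
    kd = ET.SubElement(add, f"{{{SECDNS_NS}}}keyData")
    for tag in ("flags", "protocol", "alg"):
        ET.SubElement(kd, f"{{{SECDNS_NS}}}{tag}").text = str(info[tag])
    ET.SubElement(kd, f"{{{SECDNS_NS}}}pubKey").text = info["pubKey"]
    ET.SubElement(command, f"{{{EPP_NS}}}clTRID").text = cltrid
    return ET.tostring(epp, encoding="unicode", default_namespace=EPP_NS)


if __name__ == "__main__":
    info = parse_info(INFO_RESPONSE)
    result = verify(info)
    print(result)
    if result["keytag_ok"] and result["digest_ok"] and result["is_ksk"]:
        print(build_secdns_update(info, "ABC-12345"))
    else:
        raise SystemExit("reported dsData does not match the DNSKEY; do not send it")
```

For the page's key the tag recomputes to 48775, as reported. Send the keyData only when keytag_ok, digest_ok and is_ksk are all True: a mismatch means the key or the dsData was corrupted or mixed up with another domain's, and forwarding it would leave the delegation with a DS that matches no DNSKEY, which validating resolvers treat as bogus. The ds_sha256 value is what to compare against once the registry has published its DS, since registries that derive DS records from keyData generally use SHA-256.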