- Setup Domain
( /websites ) - Enable DNS
( /v2/websites/[website_id]/dns/enable ) - Enable DNSSec
( /v2/websites/[website_id]/dnssec ) - Call List Delegation Records
( /v2/websites/[website_id]/dns/ds_records )
Returns:
- domain - value of the affected domain
- keytag - Identifier for DNSSEC record
- algorithm - cryptographic algorithm that generates signature
- digest_type - algorithm that constructs digest
- digest - alpha numeric value to provide to registrar - Use the information to set the DS Records for the domain at the registrar
( dependent on the registrar ) - Listen for website_dnssec_rotation_start webhook
- Handle website_dnssec_rotation_start by updating registrar like step 5 and remove the old keys
8 (Optional). Listen for website_dnssec_rotation_complete
9 (Optional). Handle website_dnssec_rotation_complete by removing old key/DS Record from Registrar - Repeat from step 6