Skip to content

🔐 DNSSEC

DNSSEC (DNS Security Extensions) management operations and types.

🚀 Quick Examples

List DNSSEC Records

from oinker import AsyncPiglet

async with AsyncPiglet() as piglet:
    records = await piglet.dnssec.list("example.com")
    for record in records:
        print(f"Key Tag: {record.key_tag}")
        print(f"Algorithm: {record.algorithm}")
        print(f"Digest Type: {record.digest_type}")
        print(f"Digest: {record.digest[:32]}...")

Create DNSSEC Record

from oinker import AsyncPiglet, DNSSECRecordCreate

async with AsyncPiglet() as piglet:
    await piglet.dnssec.create(
        "example.com",
        DNSSECRecordCreate(
            key_tag="64087",
            algorithm="13",
            digest_type="2",
            digest="15E445BD08128BDC213E25F1C8227DF4CB35186CAC701C1C335B2C406D5530DC",
        )
    )

Delete DNSSEC Record

async with AsyncPiglet() as piglet:
    # Delete by key tag
    await piglet.dnssec.delete("example.com", key_tag="64087")

Registry Behavior

Most registries will delete all DNSSEC records with matching data, not just the record with the matching key tag.

Operations

AsyncDNSSECAPI

oinker.dnssec.AsyncDNSSECAPI 

AsyncDNSSECAPI(http: HttpClient)

Async DNSSEC operations for the Porkbun API.

Accessed via piglet.dnssec.* methods.

Initialize DNSSEC API.

Parameters:

Name Type Description Default
http HttpClient

The HTTP client for making requests.

 required
Source code in src/oinker/dnssec/_api.py 
23
24
25
26
27
28
29
def __init__(self, http: HttpClient) -> None:
    """Initialize DNSSEC API.

    Args:
        http: The HTTP client for making requests.
    """
    self._http = http

list async 

list(domain: str) -> builtins.list[DNSSECRecord]

Get DNSSEC records for a domain from the registry.

Parameters:

Name Type Description Default
domain str

The domain name (e.g., "example.com").

 required

Returns:

Type Description
list[DNSSECRecord]

List of DNSSEC records.

Raises:

Type Description
AuthenticationError

If credentials are invalid.
NotFoundError

If domain is not found.
APIError

If the request fails.
Source code in src/oinker/dnssec/_api.py 
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
async def list(self, domain: str) -> builtins.list[DNSSECRecord]:
    """Get DNSSEC records for a domain from the registry.

    Args:
        domain: The domain name (e.g., "example.com").

    Returns:
        List of DNSSEC records.

    Raises:
        AuthenticationError: If credentials are invalid.
        NotFoundError: If domain is not found.
        APIError: If the request fails.
    """
    data = await self._http.post(f"/dns/getDnssecRecords/{domain}")
    records_dict = data.get("records", {})
    records: builtins.list[DNSSECRecord] = []
    for key_tag, record_data in records_dict.items():
        records.append(DNSSECRecord.from_api_response(key_tag, record_data))
    return records

create async 

create(domain: str, record: DNSSECRecordCreate) -> None

Create a DNSSEC record at the registry.

Note: DNSSEC creation differs at various registries. Most often only the DS data fields (key_tag, algorithm, digest_type, digest) are required.

Parameters:

Name Type Description Default
domain str

The domain name.

 required
record DNSSECRecordCreate

The DNSSEC record to create.

 required

Raises:

Type Description
AuthenticationError

If credentials are invalid.
NotFoundError

If domain is not found.
APIError

If the request fails.
Source code in src/oinker/dnssec/_api.py 
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
async def create(self, domain: str, record: DNSSECRecordCreate) -> None:
    """Create a DNSSEC record at the registry.

    Note: DNSSEC creation differs at various registries. Most often only
    the DS data fields (key_tag, algorithm, digest_type, digest) are required.

    Args:
        domain: The domain name.
        record: The DNSSEC record to create.

    Raises:
        AuthenticationError: If credentials are invalid.
        NotFoundError: If domain is not found.
        APIError: If the request fails.
    """
    body: dict[str, Any] = {
        "keyTag": record.key_tag,
        "alg": record.algorithm,
        "digestType": record.digest_type,
        "digest": record.digest,
    }

    if record.max_sig_life is not None:
        body["maxSigLife"] = record.max_sig_life
    if record.key_data_flags is not None:
        body["keyDataFlags"] = record.key_data_flags
    if record.key_data_protocol is not None:
        body["keyDataProtocol"] = record.key_data_protocol
    if record.key_data_algorithm is not None:
        body["keyDataAlgo"] = record.key_data_algorithm
    if record.key_data_public_key is not None:
        body["keyDataPubKey"] = record.key_data_public_key

    await self._http.post(f"/dns/createDnssecRecord/{domain}", body)

delete async 

delete(domain: str, key_tag: str) -> None

Delete a DNSSEC record from the registry.

Note: Most registries will delete all records with matching data, not just the record with the matching key tag.

Parameters:

Name Type Description Default
domain str

The domain name.

 required
key_tag str

The key tag of the record to delete.

 required

Raises:

Type Description
AuthenticationError

If credentials are invalid.
NotFoundError

If domain or record is not found.
APIError

If the request fails.
Source code in src/oinker/dnssec/_api.py 
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
async def delete(self, domain: str, key_tag: str) -> None:
    """Delete a DNSSEC record from the registry.

    Note: Most registries will delete all records with matching data,
    not just the record with the matching key tag.

    Args:
        domain: The domain name.
        key_tag: The key tag of the record to delete.

    Raises:
        AuthenticationError: If credentials are invalid.
        NotFoundError: If domain or record is not found.
        APIError: If the request fails.
    """
    await self._http.post(f"/dns/deleteDnssecRecord/{domain}/{key_tag}")

SyncDNSSECAPI

oinker.dnssec.SyncDNSSECAPI 

SyncDNSSECAPI(
    async_api: AsyncAPIType, runner: Callable[..., Any]
)

Bases: SyncAPIBase['AsyncDNSSECAPI']

Synchronous DNSSEC operations for the Porkbun API.

Accessed via piglet.dnssec.* methods.

Source code in src/oinker/_sync_base.py 
18
19
20
21
22
23
24
def __init__(
    self,
    async_api: AsyncAPIType,
    runner: Callable[..., Any],
) -> None:
    self._async_api = async_api
    self._run = runner

list 

list(domain: str) -> builtins.list[DNSSECRecord]

See :meth:AsyncDNSSECAPI.list.

Source code in src/oinker/dnssec/_sync.py 
24
25
26
def list(self, domain: str) -> builtins.list[DNSSECRecord]:
    """See :meth:`AsyncDNSSECAPI.list`."""
    return self._run(self._async_api.list(domain))

create 

create(domain: str, record: DNSSECRecordCreate) -> None

See :meth:AsyncDNSSECAPI.create.

Source code in src/oinker/dnssec/_sync.py 
28
29
30
def create(self, domain: str, record: DNSSECRecordCreate) -> None:
    """See :meth:`AsyncDNSSECAPI.create`."""
    self._run(self._async_api.create(domain, record))

delete 

delete(domain: str, key_tag: str) -> None

See :meth:AsyncDNSSECAPI.delete.

Source code in src/oinker/dnssec/_sync.py 
32
33
34
def delete(self, domain: str, key_tag: str) -> None:
    """See :meth:`AsyncDNSSECAPI.delete`."""
    self._run(self._async_api.delete(domain, key_tag))

Types

DNSSECRecord

oinker.DNSSECRecord dataclass 

DNSSECRecord(
    key_tag: str,
    algorithm: str,
    digest_type: str,
    digest: str,
)

A DNSSEC record from the registry.

Attributes:

Name Type Description
key_tag str

The DNSSEC key tag.
algorithm str

The DS data algorithm.
digest_type str

The digest type.
digest str

The digest value.

from_api_response classmethod 

from_api_response(
    key_tag: str, data: dict[str, Any]
) -> DNSSECRecord

Create from API response data.

Parameters:

Name Type Description Default
key_tag str

The key tag from the response dictionary key.

 required
data dict[str, Any]

The record data from API response.

 required

Returns:

Type Description
DNSSECRecord

A DNSSECRecord instance.
Source code in src/oinker/dnssec/_types.py 
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
@classmethod
def from_api_response(cls, key_tag: str, data: dict[str, Any]) -> DNSSECRecord:
    """Create from API response data.

    Args:
        key_tag: The key tag from the response dictionary key.
        data: The record data from API response.

    Returns:
        A DNSSECRecord instance.
    """
    return cls(
        key_tag=data.get("keyTag", key_tag),
        algorithm=data.get("alg", ""),
        digest_type=data.get("digestType", ""),
        digest=data.get("digest", ""),
    )

DNSSECRecordCreate

oinker.DNSSECRecordCreate dataclass 

DNSSECRecordCreate(
    key_tag: str,
    algorithm: str,
    digest_type: str,
    digest: str,
    max_sig_life: str | None = None,
    key_data_flags: str | None = None,
    key_data_protocol: str | None = None,
    key_data_algorithm: str | None = None,
    key_data_public_key: str | None = None,
)

Parameters for creating a DNSSEC record.

Most registries only require the DS data fields (key_tag, algorithm, digest_type, digest). The key data fields are optional and vary by registry.

Attributes:

Name Type Description
key_tag str

The DNSSEC key tag.
algorithm str

The DS data algorithm.
digest_type str

The digest type.
digest str

The digest value.
max_sig_life str | None

Optional max signature life.
key_data_flags str | None

Optional key data flags.
key_data_protocol str | None

Optional key data protocol.
key_data_algorithm str | None

Optional key data algorithm.
key_data_public_key str | None

Optional key data public key.