1. REST API for Oracle Private Cloud Appliance Compute Enclave
  2. Tasks
  3. DNS

Gets a list of all zones in the specified compartment

get

/20180115/zones

The collection can be filtered by name, time created, scope, associated view, and zone type. Filtering by view is only supported for private zones.

Request

Supported Media Types
Query Parameters
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the compartment.
  • Search for zones that have the given DnssecState.
    Allowed Values: [ "ENABLED", "DISABLED" ]
  • The state of a resource.
    Allowed Values: [ "ACTIVE" ]
  • Minimum Value: 1
    Maximum Value: 1000
    For list pagination. The maximum number of results per page, or items to return in a paginated List call. 1 is the minimum, 1000 is the maximum.
    Default Value: 100
  • A case-sensitive filter for zone names. Matches any zone that has a name that equals the provided value.
  • Search by zone name. Matches any zone with a name (case-insensitive) that contains the provided value.
  • Minimum Length: 1
    Maximum Length: 512
    For list pagination. The value of the opc-next-page response header from the previous List call.
    Default Value: 0
  • Specifies to operate only on resources that have a matching DNS scope.
    Allowed Values: [ "GLOBAL", "PRIVATE" ]
  • The field by which to sort zones.
    Default Value: timeCreated
    Allowed Values: [ "name", "zoneType", "timeCreated" ]
  • The sort order to use, either ascending (ASC) or descending (DESC).
    Default Value: ASC
    Allowed Values: [ "ASC", "DESC" ]
  • An [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) timestamp that states all returned resources were created on or after the indicated time.
  • An [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) timestamp that states all returned resources were created before the indicated time.
  • Minimum Length: 1
    Maximum Length: 255
    Search for zones that are associated with a TSIG key.
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the view the resource is associated with.
  • Search by zone type, PRIMARY or SECONDARY. Will match any zone whose type equals the provided value.
    Allowed Values: [ "PRIMARY", "SECONDARY" ]
Header Parameters
  • Minimum Length: 1
    Maximum Length: 98
    Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Back to Top

Response

Supported Media Types

200 Response

A response containing a list of zone objects.
Headers
  • For list pagination. When this header appears in the response, additional pages of results remain. For important details about how pagination works, see [List Pagination](/iaas/Content/API/Concepts/usingapi.htm#nine).
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
  • The total number of items that match the query.
Body ()
Root Schema : schema
Type: array
Show Source
Nested Schema : ZoneSummary
Type: object
A DNS zone. Avoid entering confidential information when you supply string values using the API.
Show Source
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the compartment containing the zone.
  • definedTags
    Additional Properties Allowed: additionalProperties
    Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
  • DnssecConfig
    DNSSEC configuration data. A zone may have a maximum total of 10 DnssecKeyVersions, regardless of signing key type.
  • Default Value: DISABLED
    Allowed Values: [ "ENABLED", "DISABLED" ]
    The state of DNSSEC on the zone. In order to benefit from utilizing DNSSEC, every parent zone in the DNS tree, up to the TLD or an independent trust anchor, must also have DNSSEC correctly set up. After enabling DNSSEC, a DS record must be added to this zone's parent zone containing data corresponding to the KskDnssecKeyVersion that gets created, and then the KskDnssecKeyVersion must be promoted via the PromoteZoneDnssecKeyVersion operation. New KskDnssecKeyVersions are generated annually, a week before the existing KskDnssecKeyVersion's expiration. KskDnssecKeyVersion rollover requires replacing the parent zone's DS record, corresponding to the current KskDnssecKeyVersion, using the data from its successor KskDnssecKeyVersion. To prevent service disruption from resolver caches including signatures using only the old KSK version, that DS record should not be replaced until the new version has been active for at least the DNSKEY TTL. After the DS replacement has been completed then the PromoteZoneDnssecKeyVersion operation must be called. Metrics are emitted in the oci_dns namespace daily for each KskDnssecKeyVersion indicating how many days are left until expiration. Alarms and notifications should be set up in order to be notified of the KskDnssecKeyVersion expiration so that the necessary parent zone updates can be made and the PromoteZoneDnssecKeyVersion operation can be called. Zones with DNSSEC enabled are subject to a maximum allowed TTL on records of 1 day (86400 seconds). Enabling DNSSEC will result in additional records in DNS responses which will increase their size and can cause higher response latency. Re-enabling DNSSEC on a zone shortly after it being disabled will restore the previous DnssecKeyVersions. TODO: Add link to DNSSEC docs covering: how to set up alarms/notifications, warnings about enabling/disabling, warnings about timing and impacts, how to handle automatic rollover, how to handle manual rollover, and how to handle emergency rollover.
  • freeformTags
    Additional Properties Allowed: additionalProperties
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the zone.
  • A Boolean flag indicating whether or not parts of the resource are unable to be explicitly managed.
  • Allowed Values: [ "ACTIVE", "CREATING", "DELETED", "DELETING", "FAILED", "UPDATING" ]
    The current state of the zone resource.
  • Minimum Length: 1
    Maximum Length: 254
    The name of the zone.
  • Allowed Values: [ "GLOBAL", "PRIVATE" ]
    The scope of the zone.
  • The canonical absolute URL of the resource.
  • The current serial of the zone. As seen in the zone's SOA record.
  • The date and time the resource was created in "YYYY-MM-ddThh:mm:ssZ" format with a Z offset, as defined by RFC 3339. Example: 2016-07-22T17:23:59:60Z
  • Version is the never-repeating, totally-orderable, version of the zone, from which the serial field of the zone's SOA record is derived.
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the private view containing the zone. This value will be null for zones in the global DNS, which are publicly resolvable and not part of a private view.
  • Allowed Values: [ "PRIMARY", "SECONDARY" ]
    The type of the zone. Must be either PRIMARY or SECONDARY. SECONDARY is only supported for GLOBAL zones.
Nested Schema : definedTags
Type: object
Additional Properties Allowed
Show Source
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
Nested Schema : DnssecConfig
Type: object
DNSSEC configuration data. A zone may have a maximum total of 10 DnssecKeyVersions, regardless of signing key type.
Show Source
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Show Source
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Key-value pair representing a defined tag key and value, scoped to a namespace. **Example:** `{"CostCenter": "42"}`
Nested Schema : additionalProperties
Type: object
The value of the tag. Only string, integer, and boolean types are supported.
Nested Schema : kskDnssecKeyVersions
Type: array
A read only array of KSK DnssecKeyVersions.
Show Source
Nested Schema : zskDnssecKeyVersions
Type: array
A read only array of ZSK DnssecKeyVersions.
Show Source
Nested Schema : KskDnssecKeyVersion
Type: object
A KSK DnssecKeyVersion. This contains timing and configuration data corresponding to the KSK that is used to apply DNSSEC on the zone.
Show Source
  • Allowed Values: [ "RSASHA256" ]
    The signing algorithm that will be utilized.
  • dsData
    An array of data for DS records corresponding with this key version. An entry will exist for each supported DS digest algorithm.
  • Minimum Value: 0
    Maximum Value: 65535
    The key tag associated with the DnssecKeyVersion. This key tag will be present in the RRSIG and DS records associated with the key material for this DnssecKeyVersion. For more information about key tags, see [RFC 4034](https://tools.ietf.org/html/rfc4034).
  • The length of the corresponding private key in bytes, expressed as an integer.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that this DnssecKeyVersion will replace or has replaced.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that will replace, or has replaced, this DnssecKeyVersion.
  • The date and time the key version went, or will go, active, expressed in RFC 3339 timestamp format. This is when the key material will be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was created, expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time at which the recommended key version publication/activation lifetime ends, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY should no longer exist in zone contents and no longer be used to generate RRSIGs. For KSK, if PromoteZoneDnssecKeyVersion has not been called on this DnssecKeyVersion's successor then it will remain active for arbitrarily long past its recommended lifetime (preventing service disruption at the potential increased risk of key compromise). Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version went, or will go, inactive, expressed in RFC 3339 timestamp format. This is when the key material will no longer be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was promoted expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, published, expressed in RFC 3339 timestamp format. This is when the zone contents will include a DNSKEY record corresponding to the key material. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, unpublished, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY will be removed from zone contents. For a KSK DnssecKeyVersion this will be populated after PromoteZoneDnssecKeyVersion has been called on its successor DnssecKeyVersion. Example: 2016-07-22T17:23:59:00Z
  • Minimum Length: 36
    Maximum Length: 36
    The UUID of the DnssecKeyVersion.
Nested Schema : dsData
Type: array
Minimum Length: 1
An array of data for DS records corresponding with this key version. An entry will exist for each supported DS digest algorithm.
Show Source
Nested Schema : DnssecKeyVersionDsData
Type: object
Data for a parent-zone DS record corresponding to this key-signing key.
Show Source
  • Allowed Values: [ "SHA_256" ]
    The type of the digest associated with the rdata.
  • Presentation-format DS record data that must be added to the parent zone.
    Example: 60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118
Nested Schema : ZskDnssecKeyVersion
Type: object
A ZSK DnssecKeyVersion. This contains timing and configuration data corresponding to the ZSK that is used to apply DNSSEC on the zone.
Show Source
  • Allowed Values: [ "RSASHA256" ]
    The signing algorithm that will be utilized.
  • Minimum Value: 0
    Maximum Value: 65535
    The key tag associated with the DnssecKeyVersion. This key tag will be present in the RRSIG and DS records associated with the key material for this DnssecKeyVersion. For more information about key tags, see [RFC 4034](https://tools.ietf.org/html/rfc4034).
  • The length of the corresponding private key in bytes, expressed as an integer.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that this DnssecKeyVersion will replace or has replaced.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that will replace, or has replaced, this DnssecKeyVersion.
  • The date and time the key version went, or will go, active, expressed in RFC 3339 timestamp format. This is when the key material will be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was created, expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time at which the recommended key version publication/activation lifetime ends, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY should no longer exist in zone contents and no longer be used to generate RRSIGs. For KSK, if PromoteZoneDnssecKeyVersion has not been called on this DnssecKeyVersion's successor then it will remain active for arbitrarily long past its recommended lifetime (preventing service disruption at the potential increased risk of key compromise). Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version went, or will go, inactive, expressed in RFC 3339 timestamp format. This is when the key material will no longer be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was promoted expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, published, expressed in RFC 3339 timestamp format. This is when the zone contents will include a DNSKEY record corresponding to the key material. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, unpublished, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY will be removed from zone contents. For a KSK DnssecKeyVersion this will be populated after PromoteZoneDnssecKeyVersion has been called on its successor DnssecKeyVersion. Example: 2016-07-22T17:23:59:00Z
  • Minimum Length: 36
    Maximum Length: 36
    The UUID of the DnssecKeyVersion.

400 Response

Bad Request
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.

401 Response

Unauthorized
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.

404 Response

Not Found
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.

429 Response

Too Many Requests
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.

500 Response

Internal Server Error
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.

Default Response

An error has occurred.
Headers
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
  • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
  • A human-readable error string.
Back to Top