1. REST API for Oracle Private Cloud Appliance Compute Enclave
  2. Tasks
  3. DNS

UpdateZone

put

/20180115/zones/{zone_name_or_id}

Update the zone with the specified information. Global secondary zones may have their external masters updated. When the zone name is provided as a path parameter and PRIVATE is used for the scope query parameter then the viewId query parameter is required.

Request

Supported Media Types
Path Parameters
Query Parameters
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the compartment the zone belongs to. Deprecated. Do not use.
  • Specifies to operate only on resources that have a matching DNS scope.
    Allowed Values: [ "GLOBAL", "PRIVATE" ]
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the view the resource is associated with.
Header Parameters
  • The If-Unmodified-Since header field makes the request method conditional on the selected representation's last modification date being earlier than or equal to the date provided in the field-value. This field accomplishes the same purpose as If-Match for cases where the user agent does not have an entity-tag for the representation.
  • For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.
  • Minimum Length: 1
    Maximum Length: 98
    Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
New data for the zone.
Root Schema : UpdateZoneDetails
Type: object
The body for updating a zone. Avoid entering confidential information when you supply string values using the API.
Show Source
  • definedTags
    Additional Properties Allowed: additionalProperties
    Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
  • Default Value: DISABLED
    Allowed Values: [ "ENABLED", "DISABLED" ]
    The state of DNSSEC on the zone. In order to benefit from utilizing DNSSEC, every parent zone in the DNS tree, up to the TLD or an independent trust anchor, must also have DNSSEC correctly set up. After enabling DNSSEC, a DS record must be added to this zone's parent zone containing data corresponding to the KskDnssecKeyVersion that gets created, and then the KskDnssecKeyVersion must be promoted via the PromoteZoneDnssecKeyVersion operation. New KskDnssecKeyVersions are generated annually, a week before the existing KskDnssecKeyVersion's expiration. KskDnssecKeyVersion rollover requires replacing the parent zone's DS record, corresponding to the current KskDnssecKeyVersion, using the data from its successor KskDnssecKeyVersion. To prevent service disruption from resolver caches including signatures using only the old KSK version, that DS record should not be replaced until the new version has been active for at least the DNSKEY TTL. After the DS replacement has been completed then the PromoteZoneDnssecKeyVersion operation must be called. Metrics are emitted in the oci_dns namespace daily for each KskDnssecKeyVersion indicating how many days are left until expiration. Alarms and notifications should be set up in order to be notified of the KskDnssecKeyVersion expiration so that the necessary parent zone updates can be made and the PromoteZoneDnssecKeyVersion operation can be called. Zones with DNSSEC enabled are subject to a maximum allowed TTL on records of 1 day (86400 seconds). Enabling DNSSEC will result in additional records in DNS responses which will increase their size and can cause higher response latency. Re-enabling DNSSEC on a zone shortly after it being disabled will restore the previous DnssecKeyVersions. TODO: Add link to DNSSEC docs covering: how to set up alarms/notifications, warnings about enabling/disabling, warnings about timing and impacts, how to handle automatic rollover, how to handle manual rollover, and how to handle emergency rollover.
  • externalDownstreams
    External secondary servers for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
  • externalMasters
    External master servers for the zone. externalMasters becomes a required parameter when the zoneType value is SECONDARY.
  • freeformTags
    Additional Properties Allowed: additionalProperties
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : definedTags
Type: object
Additional Properties Allowed
Show Source
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
Nested Schema : externalDownstreams
Type: array
External secondary servers for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
Show Source
Nested Schema : externalMasters
Type: array
External master servers for the zone. externalMasters becomes a required parameter when the zoneType value is SECONDARY.
Show Source
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Show Source
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: {"CostCenter": "42"}
Nested Schema : additionalProperties
Type: object
The value of the tag. Only string, integer, and boolean types are supported.
Nested Schema : ExternalDownstream
Type: object
External downstream nameserver for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
Show Source
  • The server's IP address (IPv4 or IPv6).
  • Default Value: 53
    The server's port. Port value must be a value of 53, otherwise omit the port value.
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the TSIG key. A TSIG key is used to secure DNS messages (in this case, zone transfers) between two systems that both have the (shared) secret.
Nested Schema : ExternalMaster
Type: object
An external master name server used as the source of zone data.
Show Source
Back to Top

Response

Supported Media Types

200 Response

A response containing a single zone object.
Headers
  • The current version of the resource, ending with a representation-specific suffix. This value may be used in If-Match and If-None-Match headers for later requests of the same resource.
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
  • Unique Oracle-assigned identifier for the asynchronous request. You can use this to query status of the asynchronous operation.
Body ()
Root Schema : Zone
Type: object
A DNS zone. Avoid entering confidential information when you supply string values using the API.
Show Source
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the compartment containing the zone.
  • definedTags
    Additional Properties Allowed: additionalProperties
    Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
  • DnssecConfig
    DNSSEC configuration data. A zone may have a maximum total of 10 DnssecKeyVersions, regardless of signing key type.
  • Default Value: DISABLED
    Allowed Values: [ "ENABLED", "DISABLED" ]
    The state of DNSSEC on the zone. In order to benefit from utilizing DNSSEC, every parent zone in the DNS tree, up to the TLD or an independent trust anchor, must also have DNSSEC correctly set up. After enabling DNSSEC, a DS record must be added to this zone's parent zone containing data corresponding to the KskDnssecKeyVersion that gets created, and then the KskDnssecKeyVersion must be promoted via the PromoteZoneDnssecKeyVersion operation. New KskDnssecKeyVersions are generated annually, a week before the existing KskDnssecKeyVersion's expiration. KskDnssecKeyVersion rollover requires replacing the parent zone's DS record, corresponding to the current KskDnssecKeyVersion, using the data from its successor KskDnssecKeyVersion. To prevent service disruption from resolver caches including signatures using only the old KSK version, that DS record should not be replaced until the new version has been active for at least the DNSKEY TTL. After the DS replacement has been completed then the PromoteZoneDnssecKeyVersion operation must be called. Metrics are emitted in the oci_dns namespace daily for each KskDnssecKeyVersion indicating how many days are left until expiration. Alarms and notifications should be set up in order to be notified of the KskDnssecKeyVersion expiration so that the necessary parent zone updates can be made and the PromoteZoneDnssecKeyVersion operation can be called. Zones with DNSSEC enabled are subject to a maximum allowed TTL on records of 1 day (86400 seconds). Enabling DNSSEC will result in additional records in DNS responses which will increase their size and can cause higher response latency. Re-enabling DNSSEC on a zone shortly after it being disabled will restore the previous DnssecKeyVersions. TODO: Add link to DNSSEC docs covering: how to set up alarms/notifications, warnings about enabling/disabling, warnings about timing and impacts, how to handle automatic rollover, how to handle manual rollover, and how to handle emergency rollover.
  • externalDownstreams
    External secondary servers for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
  • externalMasters
    External master servers for the zone. externalMasters becomes a required parameter when the zoneType value is SECONDARY.
  • freeformTags
    Additional Properties Allowed: additionalProperties
    Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the zone.
  • A Boolean flag indicating whether or not parts of the resource are unable to be explicitly managed.
  • Allowed Values: [ "ACTIVE", "CREATING", "DELETED", "DELETING", "FAILED", "UPDATING" ]
    The current state of the zone resource.
  • Minimum Length: 1
    Maximum Length: 254
    The name of the zone.
  • nameservers
    The authoritative nameservers for the zone.
  • Allowed Values: [ "GLOBAL", "PRIVATE" ]
    The scope of the zone.
  • The canonical absolute URL of the resource.
  • The current serial of the zone. As seen in the zone's SOA record.
  • The date and time the resource was created in "YYYY-MM-ddThh:mm:ssZ" format with a Z offset, as defined by RFC 3339. Example: 2016-07-22T17:23:59:60Z
  • Version is the never-repeating, totally-orderable, version of the zone, from which the serial field of the zone's SOA record is derived.
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the private view containing the zone. This value will be null for zones in the global DNS, which are publicly resolvable and not part of a private view.
  • zoneTransferServers
    The OCI nameservers that transfer the zone data with external nameservers.
  • Allowed Values: [ "PRIMARY", "SECONDARY" ]
    The type of the zone. Must be either PRIMARY or SECONDARY. SECONDARY is only supported for GLOBAL zones.
Nested Schema : definedTags
Type: object
Additional Properties Allowed
Show Source
Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"Operations": {"CostCenter": "42"}}
Nested Schema : DnssecConfig
Type: object
DNSSEC configuration data. A zone may have a maximum total of 10 DnssecKeyVersions, regardless of signing key type.
Show Source
Nested Schema : externalDownstreams
Type: array
External secondary servers for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
Show Source
Nested Schema : externalMasters
Type: array
External master servers for the zone. externalMasters becomes a required parameter when the zoneType value is SECONDARY.
Show Source
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Show Source
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : nameservers
Type: array
The authoritative nameservers for the zone.
Show Source
Nested Schema : zoneTransferServers
Type: array
The OCI nameservers that transfer the zone data with external nameservers.
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: {"CostCenter": "42"}
Nested Schema : additionalProperties
Type: object
The value of the tag. Only string, integer, and boolean types are supported.
Nested Schema : kskDnssecKeyVersions
Type: array
A read only array of KSK DnssecKeyVersions.
Show Source
Nested Schema : zskDnssecKeyVersions
Type: array
A read only array of ZSK DnssecKeyVersions.
Show Source
Nested Schema : KskDnssecKeyVersion
Type: object
A KSK DnssecKeyVersion. This contains timing and configuration data corresponding to the KSK that is used to apply DNSSEC on the zone.
Show Source
  • Allowed Values: [ "RSASHA256" ]
    The signing algorithm that will be utilized.
  • dsData
    An array of data for DS records corresponding with this key version. An entry will exist for each supported DS digest algorithm.
  • Minimum Value: 0
    Maximum Value: 65535
    The key tag associated with the DnssecKeyVersion. This key tag will be present in the RRSIG and DS records associated with the key material for this DnssecKeyVersion. For more information about key tags, see [RFC 4034](https://tools.ietf.org/html/rfc4034).
  • The length of the corresponding private key in bytes, expressed as an integer.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that this DnssecKeyVersion will replace or has replaced.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that will replace, or has replaced, this DnssecKeyVersion.
  • The date and time the key version went, or will go, active, expressed in RFC 3339 timestamp format. This is when the key material will be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was created, expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time at which the recommended key version publication/activation lifetime ends, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY should no longer exist in zone contents and no longer be used to generate RRSIGs. For KSK, if PromoteZoneDnssecKeyVersion has not been called on this DnssecKeyVersion's successor then it will remain active for arbitrarily long past its recommended lifetime (preventing service disruption at the potential increased risk of key compromise). Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version went, or will go, inactive, expressed in RFC 3339 timestamp format. This is when the key material will no longer be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was promoted expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, published, expressed in RFC 3339 timestamp format. This is when the zone contents will include a DNSKEY record corresponding to the key material. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, unpublished, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY will be removed from zone contents. For a KSK DnssecKeyVersion this will be populated after PromoteZoneDnssecKeyVersion has been called on its successor DnssecKeyVersion. Example: 2016-07-22T17:23:59:00Z
  • Minimum Length: 36
    Maximum Length: 36
    The UUID of the DnssecKeyVersion.
Nested Schema : dsData
Type: array
Minimum Length: 1
An array of data for DS records corresponding with this key version. An entry will exist for each supported DS digest algorithm.
Show Source
Nested Schema : DnssecKeyVersionDsData
Type: object
Data for a parent-zone DS record corresponding to this key-signing key.
Show Source
  • Allowed Values: [ "SHA_256" ]
    The type of the digest associated with the rdata.
  • Presentation-format DS record data that must be added to the parent zone.
    Example: 60485 5 1 2BB183AF5F22588179A53B0A98631FAD1A292118
Nested Schema : ZskDnssecKeyVersion
Type: object
A ZSK DnssecKeyVersion. This contains timing and configuration data corresponding to the ZSK that is used to apply DNSSEC on the zone.
Show Source
  • Allowed Values: [ "RSASHA256" ]
    The signing algorithm that will be utilized.
  • Minimum Value: 0
    Maximum Value: 65535
    The key tag associated with the DnssecKeyVersion. This key tag will be present in the RRSIG and DS records associated with the key material for this DnssecKeyVersion. For more information about key tags, see [RFC 4034](https://tools.ietf.org/html/rfc4034).
  • The length of the corresponding private key in bytes, expressed as an integer.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that this DnssecKeyVersion will replace or has replaced.
  • Minimum Length: 36
    Maximum Length: 36
    When populated, this is the UUID of the DnssecKeyVersion that will replace, or has replaced, this DnssecKeyVersion.
  • The date and time the key version went, or will go, active, expressed in RFC 3339 timestamp format. This is when the key material will be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was created, expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time at which the recommended key version publication/activation lifetime ends, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY should no longer exist in zone contents and no longer be used to generate RRSIGs. For KSK, if PromoteZoneDnssecKeyVersion has not been called on this DnssecKeyVersion's successor then it will remain active for arbitrarily long past its recommended lifetime (preventing service disruption at the potential increased risk of key compromise). Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version went, or will go, inactive, expressed in RFC 3339 timestamp format. This is when the key material will no longer be used to generate RRSIGs. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was promoted expressed in RFC 3339 timestamp format. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, published, expressed in RFC 3339 timestamp format. This is when the zone contents will include a DNSKEY record corresponding to the key material. Example: 2016-07-22T17:23:59:00Z
  • The date and time the key version was, or will be, unpublished, expressed in RFC 3339 timestamp format. This is when the corresponding DNSKEY will be removed from zone contents. For a KSK DnssecKeyVersion this will be populated after PromoteZoneDnssecKeyVersion has been called on its successor DnssecKeyVersion. Example: 2016-07-22T17:23:59:00Z
  • Minimum Length: 36
    Maximum Length: 36
    The UUID of the DnssecKeyVersion.
Nested Schema : ExternalDownstream
Type: object
External downstream nameserver for the zone. This field is currently not supported when zoneType is SECONDARY or scope is PRIVATE.
Show Source
  • The server's IP address (IPv4 or IPv6).
  • Default Value: 53
    The server's port. Port value must be a value of 53, otherwise omit the port value.
  • Minimum Length: 1
    Maximum Length: 255
    The OCID of the TSIG key. A TSIG key is used to secure DNS messages (in this case, zone transfers) between two systems that both have the (shared) secret.
Nested Schema : ExternalMaster
Type: object
An external master name server used as the source of zone data.
Show Source
Nested Schema : Nameserver
Type: object
A server that has been set up to answer DNS queries for a zone.
Show Source
Nested Schema : ZoneTransferServer
Type: object
An OCI nameserver that transfers zone data with external nameservers.
Show Source

400 Response

Bad Request
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

401 Response

Unauthorized
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

404 Response

Not Found
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

409 Response

Conflict
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

412 Response

Precondition Failed
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

422 Response

Unprocessable Entity
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

429 Response

Too Many Requests
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

500 Response

Internal Server Error
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source

Default Response

An error has occurred.
Headers
  • Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
Body ()
Root Schema : Error
Type: object
The properties that define an error.
Show Source
Back to Top