This command will set DNS Sec on a passed in SLD/TLD directly at the registry. You can optionally also set, or only set the MaxSigLife parameter. Not all registries will support DNS Sec, and of those that do, not all of them will support setting of MaxSigLife.


Use this command to add DNS Sec for a specified SLD/TLD combination.


All resellers have access to this command.

Implementation on

Log on to with Login ID resellid, password resellpw.


The query must meet the following requirements:

  • The login ID and password must be valid.
  • SLD and TLD values must be supplied.

Input parameters

Build the query string using this syntax:

Parameter Status Description Max Size
UID Required Account login ID 20
PW Required Account password 20
SLD Required Second-level domain name (for example, enom in 63
TLD Required Top-level domain name (extension) 15
SetMaxLifeOnly Optional Boolean value that indicates you are only setting the MaxSigLife. If present, MaxSigLife must also be supplied. 1
MaxSigLife Optional Integer value that specifies the lifespan of the DNS Sec key.  
Alg Required

8-bit number representing the security algorithm being used. Valid values are:

  • 1 - RSA/MD5
  • 2 - Diffie-Hellman
  • 3 - DSA/SHA-1
  • 5 - RSA/SHA-1
  • 6 - DSA-NSEC3-SHA-1
  • 7 - RSASHA1-NSEC3-SHA1
  • 8 - RSA/SHA-256
  • 10 - RSA/SHA-512
  • 12 - GOST R 34.10-2001
  • 13 - ECDSA Curve P-256 with SHA-256
  • 14 - ECDSA Curve P-384 with SHA-384
Digest Required    
DigestType Required    
KeyTag Required    
ResponseType Optional Format of response. Permitted values are Text (default), HTML, or XML. 4


  • If the SetMaxLifeOnly parameter is passed in, the API command will only attempt to set that value, it will ignore anything else passed in. If you pass that parameter in as True, then the MaxSigLife input parameter is then required. Otherwise you can optionally pass that in along with the other DNS Key data for it to be attempted to be set at the registry.
  • The default response format is plain text. To receive the response in HTML or XML format, send ResponseType=HTML or ResponseType=XML in your request.
  • Check the return parameter ErrCount. If greater than 0 the transaction failed. The parameter Err(ErrCount) can be presented to the client. Otherwise process the returned parameters as defined above.