DisableHostedZoneDNSSEC - Amazon Route 53


Disables DNSSEC signing in a specific hosted zone. This action does not deactivate any key-signing keys (KSKs) that are active in the hosted zone.

Request Syntax

POST /2013-04-01/hostedzone/Id/disable-dnssec HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.


A unique string used to identify a hosted zone.

Length Constraints: Maximum length of 32.

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200 <?xml version="1.0" encoding="UTF-8"?> <DisableHostedZoneDNSSECResponse> <ChangeInfo> <Comment>string</Comment> <Id>string</Id> <Status>string</Status> <SubmittedAt>timestamp</SubmittedAt> </ChangeInfo> </DisableHostedZoneDNSSECResponse>

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in XML format by the service.


Root level tag for the DisableHostedZoneDNSSECResponse parameters.

Required: Yes


A complex type that describes change information about changes made to your hosted zone.

Type: ChangeInfo object


For information about the errors that are common to all actions, see Common Errors.


Another user submitted a request to create, update, or delete the object at the same time that you did. Retry the request.

HTTP Status Code: 400


The hosted zone doesn't have any DNSSEC resources.

HTTP Status Code: 400


Parameter name is not valid.

HTTP Status Code: 400


The input is not valid.

HTTP Status Code: 400


The key-signing key (KSK) status isn't valid or another KSK has the status INTERNAL_FAILURE.

HTTP Status Code: 400


The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC signing.

HTTP Status Code: 400


The key-signing key (KSK) is specified in a parent DS record.

HTTP Status Code: 400


No hosted zone exists with the ID that you specified.

HTTP Status Code: 404

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: