DNSSEC KSK Key Cannot Auto Rollover

Question

&nbsp;1. In first, there is only ID12 key exist which Expiration Time is 2019-07-31.&nbsp;2. I expected that there is a new key generated on 2019-07-11 but it does not show.&nbsp;3. I manual change the expiration Time of ID 12 to 2019-08-30, then a new key ID 13 appear.&nbsp;4. In conclusion, if I do not manual change the Expiration Time of ID 12. There is no any key available after 2019-07-31.&nbsp;Not sure it's related to Bug , I am not able to find bug.&nbsp;

cjunior · Answer

Hi,&nbsp;I'm working with DNSSEC on v13.1.1.5 since v11.5 and I honestly found no bugs on this feature.Maybe you need to double check key setting for the automatic management rollover you are using, I don't know :/ Could you confirm the BIG-IP version and that's all correct on automatic KSK settings?&nbsp;Best regards.

lokesh · Answer

Hi ,&nbsp;I am using 12.1.3 .

cjunior · Answer

Yes, there are issues that I have not experienced (lucky :)Is this your case?https://support.f5.com/csp/article/K51064420Regards

Forum Discussion

DNSSEC KSK Key Cannot Auto Rollover

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Configuring BIG-IP for Zone Transfer and DNSSEC

Enabling DNSSEC for 1 record only

The BIG-IP GTM: Configuring DNSSEC

BIG-IP DNS DNSSEC and DKIM

Lightboard Lessons: DNSSEC

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS