Forum Discussion

Nimbostratus

Jun 01, 2014

GTM DNSSEC module and dotgov domains

Hi, I am trying to get a .gov domain hosted by us on a GTM with the DNSSEC module configured and am running into issues getting it to pass the validation tests from the feds. They are wanting t...

BIG-IP DNS

deployment

Cory_50405

Noctilucent

Jun 03, 2014

I work for a federal government agency as well, and we're subject to the same processes. We have DNSSEC working for all of our domains and we don't publish DS records. The DS record is hosted by the parent, which in this case is dotgov.gov. If you are getting a response for a DS record for a .gov domain, it's likely coming from dotgov. Dotgov is probably saying they aren't finding a corresponding DNSKEY (vice a DS record) on your GTMs. Do you have your zones created with a KSK and ZSK assigned to them? If so, then there should be a DNSKEY in place.

https://grepular.com/Understanding_DNSSEC

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

GTM DNSSEC module and dotgov domains

Recent Discussions

फोनपे में गलत ट्रांजेक्शन

फोनपे में गलत ट्रांजेक्शन

फोनपे में गलत ट्रांजेक्शन

F5 101 EXAM

GEARHEAD ENGINEERS ORG: HOW TO GET YOUR BITCOIN OR ANY OTHER CRYPTOCURRENCY BACK FROM A SCAMMER.

Related Content

Configuring BIG-IP for Zone Transfer and DNSSEC

Enabling DNSSEC for 1 record only

The BIG-IP GTM: Configuring DNSSEC

Enriching AFM with public domain Threat Intelligence

BIG-IP DNS DNSSEC and DKIM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS