
quattroginger
Apr 03, 2018

DNSSEC keys within bigipgtm_conf

I have 2 devices in HA failover. I restored both to a previous UCS. I have verified that the DNSSEC KSK and ZSK are correct and match the others in GTM. When I run "dig DNSKEY mydomain. @localhost +multiline" I see ZSK keytag 12345. However, the correct tag is 67890, which is listed under the only generation in the GUI. bigip_gtm.conf shows the correct ZSK 67890, but bigip_gtm.conf.bak shows 12345.

Today when I logged in and checked, both the .conf and .conf.bak show the correct keytag 67890; however, "dig DNSKEY mydomain. @localhost +multiline" still shows only the incorrect 12345. I tried tmsh load bigip_gtm.conf. I received no errors and still got the same results.

What am I missing or doing incorrectly to force the BIGIP to read the keys in the bigip_gtm.conf?
