DNSSEC Configuration issue
Hi Team, I am trying to test DNSSEC on a trial version before rolling it out on production appliance. I have configured the Key signing key, Zone Signing key and mapped them to the DNSSEC Zone. However for some reason the DNSSEC zone is offline with error message: 'Offline (Enabled) - must contain at least one enabled KSK and enabled ZSK' I have verified that the KSK and ZSK are both in enabled state. Any pointers on why this could be happening? Best Regards, Shridhar Acharya
Validating resolver and trust anchors
Hi, I am trying to configure my F5 as a validating resolver. I am running 14.0 with a lab license so DNS is licensed. I am able to successfully resolve when using a transparent cache and a pool of DNS servers. I am able to successfully resolve when using a resolver cache. However, when trying to configure a validating resolver cache I am lost. If I am using a pool of dns servers which includes 8.8.8.8, what trust anchor should I configure? Also, what is the difference between a trust anchor and a dlv anchor? Do I need both? I have attempted to use the root trust anchors but I have no idea if that is correct either. Root trust anchors I used. . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
