Additional DNSSEC deployment options - BlueCat Address Manager - 8.3.2

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
8.3.2

The following options can set if configuring either automatic of manual DNSSEC Validation.

  • DNSSEC Must Be Secure—provides a list of domains and indicates if they must be signed or not for the server to accept answers. When the Secured check box is selected, the domains must be signed; when not selected, the domains do not need to be signed. This option can be set at the configuration, view, or server level.
  • DNSSEC Accept Expired—when enabled, the server accepts expired DNSSEC signatures. This option can be set at the configuration, view, or server level.
Note: Enabling the DNSSEC Accept Expired option leaves the server vulnerable to replay attacks.