Additional DNSSEC deployment options - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

The following options can be set when configuring either automatic or manual DNSSEC validation.

  • DNSSEC Must Be Secure—provides a list of domains and indicates if they must be signed or not for the server to accept answers. When the Secured check box is selected, the domains must be signed; when not selected, the domains don't need to be signed. This option can be set at the configuration, view, or server level.
  • DNSSEC Accept Expired—when enabled, the server accepts expired DNSSEC signatures. This option can be set at the configuration, view, or server level.
Note: Enabling the DNSSEC Accept Expired option leaves the server vulnerable to replay attacks.
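
The following added example (not BlueCat code and not part of the original guide) models how the two options change what a validating resolver accepts, and why the signature validity window is what blocks reuse of an old signed answer. The policy entries, the closest-match lookup, the sample RRSIG line and the function names are constructed for illustration; no cryptographic verification is performed.

```python
from datetime import datetime, timezone

# Constructed policy mirroring the DNSSEC Must Be Secure list: domain -> Secured check box.
MUST_BE_SECURE = {"example.com.": True, "lab.example.com.": False}

# Constructed RRSIG in dig's presentation format (RFC 4034): the expiration
# timestamp comes before the inception timestamp; the signature is a placeholder.
OLD_RRSIG = ("www.example.com. 3600 IN RRSIG A 13 3 3600 "
             "20240301000000 20240201000000 12345 example.com. c2lnbmF0dXJl")

def parse_rrsig(line):
    """Return (owner, type_covered, expiration, inception) of one RRSIG line."""
    f = line.split()
    if len(f) < 13 or f[3].upper() != "RRSIG":
        raise ValueError("not an RRSIG record")
    def ts(s):
        return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return f[0].lower(), f[4].upper(), ts(f[8]), ts(f[9])

def must_be_signed(name, policy=MUST_BE_SECURE):
    """Closest enclosing policy entry wins (assumption of this model)."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) + "."
        if zone in policy:
            return policy[zone]
    return False  # no entry: unsigned answers are not rejected by this option

def accept(name, rrsig_line, now, accept_expired=False):
    """Return (accepted, reason); rrsig_line is None for an unsigned answer."""
    if rrsig_line is None:
        if must_be_signed(name):
            return False, "unsigned answer for a domain that must be secure"
        return True, "unsigned answer allowed"
    _, _, expiration, inception = parse_rrsig(rrsig_line)
    if now < inception:
        return False, "signature not yet valid"
    if now > expiration:
        # Only the validity window stops an old signed answer from being reused.
        if accept_expired:
            return True, "expired signature accepted (replay exposure)"
        return False, "signature expired"
    return True, "signature inside validity window"

if __name__ == "__main__":
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)
    for flag in (False, True):
        print(flag, accept("www.example.com.", OLD_RRSIG, now, accept_expired=flag))
    print(accept("www.example.com.", None, now), accept("host.lab.example.com.", None, now))
```

The same window check can be run over real `dig +dnssec` output to find zones whose signatures have lapsed before deciding whether DNSSEC Accept Expired is actually needed.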