Applying a DNSSEC signing policy to a reverse zone - BlueCat Address Manager - 8.3.0

Address Manager Administration Guide

If your zone requires reverse zone signing, apply the DNSSEC policy to the IPv4 block or IPv4 network at which you assigned the DNS deployment role. You can first create a unique signing policy for the reverse space if necessary.

When you sign a DNS zone or DNS reverse zone, Address Manager automatically enables the DNSSEC Key Auto Generate option for the configuration. This means that all keys will automatically roll over according to the key parameters set in the signing policy. For more information on the DNSSEC Key Auto Generate option, refer to Managing DNSSEC Key Rollover and Generation.

To apply a DNSSEC signing policy to a reverse zone:

  1. From the configuration drop-down menu, select a configuration.
  2. Select the IP Space tab. Tabs remember the page on which you last worked, so select the tab again to ensure you're working on the Configuration Information page.
  3. Select the IPv4 block or IPv4 network that you want to sign.
  4. Click the DNSSEC tab. The Reverse Zone Signing, Zone Signing Keys, and Key Signing Keys sections appear.
  5. Under Zone Signing, click Configure Zone Signing. The Configure Reverse Zone Signing page opens.
  6. Select the Signed check box.
  7. From the Signing Policy drop-down menu, select a DNSSEC signing policy.
  8. Click Update.
  9. Configure DNSSEC deployment options if needed prior to deploying DNS service. For details, refer to Configuring a DNSSEC validating server.
  10. Deploy DNS service with your DNSSEC signing policy.
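
After deployment, you can check that the reverse zone is being served with its keys and a current signature. The following Python is an added example, not part of the BlueCat documentation or product: the function names are hypothetical, the dig-style answer text is constructed, and the zone-name mapping assumes an octet-aligned /8, /16 or /24 IPv4 range. It checks that a ZSK, a KSK and an in-window RRSIG over the DNSKEY set are present; it does not validate the signature cryptographically.

```python
import ipaddress
from datetime import datetime, timezone

def reverse_zone(cidr):
    """Map an octet-aligned IPv4 block or network to its in-addr.arpa zone."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("example handles /8, /16 and /24 IPv4 ranges only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def _ts(value):
    # RRSIG expiration/inception in presentation format: YYYYMMDDHHMMSS (UTC)
    return datetime.strptime(value, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def signing_status(zone, answer, now):
    """Summarise DNSKEY and RRSIG records in dig-style answer lines,
    for example the output of: dig +dnssec DNSKEY <zone> @<server>"""
    status = {"zsk": 0, "ksk": 0, "dnskey_rrsig_current": False}
    for line in answer.splitlines():
        f = line.split()
        if len(f) < 5 or f[0].lower() != zone.lower() or f[2] != "IN":
            continue
        if f[3] == "DNSKEY":
            # Flags 257 = key signing key (SEP bit set), 256 = zone signing key
            if f[4] == "257":
                status["ksk"] += 1
            elif f[4] == "256":
                status["zsk"] += 1
        elif f[3] == "RRSIG" and len(f) >= 12 and f[4] == "DNSKEY":
            expires, inception, signer = _ts(f[8]), _ts(f[9]), f[11]
            if signer.lower() == zone.lower() and inception <= now <= expires:
                status["dnskey_rrsig_current"] = True
    return status

# Constructed sample answer (not captured from a real server);
# key and signature data are placeholders.
SAMPLE = """\
2.0.192.in-addr.arpa. 3600 IN DNSKEY 256 3 8 PLACEHOLDERZSK=
2.0.192.in-addr.arpa. 3600 IN DNSKEY 257 3 8 PLACEHOLDERKSK=
2.0.192.in-addr.arpa. 3600 IN RRSIG DNSKEY 8 5 3600 20250201000000 20250101000000 12345 2.0.192.in-addr.arpa. PLACEHOLDERSIG=
"""

if __name__ == "__main__":
    zone = reverse_zone("192.0.2.0/24")
    print(zone, signing_status(zone, SAMPLE, datetime(2025, 1, 15, tzinfo=timezone.utc)))
```

A result with no ZSK, no KSK, or `dnskey_rrsig_current` set to false after deployment indicates that the signing policy was not applied to the block or network that holds the deployment role, or that the served signatures have fallen outside their validity window.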