Having already created an DNSSEC-HSM signing policy, you can now apply the policy to a DNS zone.
To assign an DNSSEC-HSM signing policy to a DNS zone:
- Select the DNS tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Under DNS Views, click the name of a DNS view. The Top Level Domains section opens.
- Under Top Level Domains, click the name of a top level domain. The Sub Zones section opens.
- Click the DNSSEC tab. The Zone Signing, Zone Signing Keys, and Key Signing Keys sections appear.
- Under Zone Signing, click Configure Zone Signing. The Configure Zone Signing page opens.
- Under General Options, select the Signed check box.
- From the Signing Policy drop-down list, select a DNSSEC-HSM signing policy.
Click Update. Address Manager applies the
DNSSEC signing policy and the zone signing and key information appears on the
Note: If Address Manager cannot connect to any HSM servers, you will receive the following error:
Make sure Address Manager is connected to all HSM servers prior to assigning the DNSSEC-HSM signing policy.