Ensure there's a valid connection between the managed DNS Servers and the HSM servers. Should the connection between the DNS Servers and the HSM servers fail, the DNS Servers may have issues with deployment and with restarting the DNS service.
Upon initial set-up of your HSM environment, verify the following:
- Ensure the names of any DNS views associated with your DNSSEC-HSM signing policy don't contain spaces. If necessary, rename the DNS view and use underscores instead of spaces.
  Note: Currently, a limitation exists whereby a space in the name of a DNS view may affect deployments with DNSSEC zone signing. If you are adding a DNS view that will be linked to a DNSSEC-HSM signing policy, the name of the view can't contain spaces. For more details, refer to article 14957 on BlueCat Customer Care.
- IP addresses of all managed DNS Servers have been added as clients to the HSM server (this should've been performed by your HSM administrator)
- The firewall on managed DNS Servers is enabled and the firewall rules for HSM are active
- From the Address Manager user interface, make sure to select the check box Enable HSM when adding a managed DNS Server to the HSM configuration. Enabling HSM allows the DNS Server to join the HSM Security World, which is necessary for DNS deployment.