How to set the DNSSEC Trust Anchors deployment option.
The DNSSEC Trust Anchors deployment option provides the public keys for trusted zones. Use this option to create DNSSEC trust anchors that will be used when the DNSSEC Validation deployment option is set to True. This option is set at the server level. When setting DNSSEC trust anchors, you will need the KSKs for the trusted zones from the zone administrators.
To set the DNSSEC Trust Anchors deployment option:
- Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Under Servers, click a server name. The Details tab for the server opens.
- Click the Deployment Options tab.
- Under Deployment Options, click New and select DNS Option.
- From the Option list, select DNSSEC Trust Anchors. The fields for the DNSSEC Trust Anchors option open.
- In the FQDN field, enter the fully-qualified domain name for the zone.
- In the Key field, paste the KSK provided by the trusted zone’s administrator.
- Click Add. The zone and key are added to the list. To change the order of items in the list, select an item in the list and click the Move up and Move down buttons. To remove an item from the list, select an item in the list and click Remove.
- Repeat these steps to add more DNS zones and keys.
- Click Add.