Disable HSM support on a managed DNS Server and withdraw it from the HSM Security World.
A managed BlueCat DNS Server can perform zone signing using either DNSSEC-HSM or standard DNSSEC—not both. Once a BlueCat DNS Server has been configured for HSM zone signing, it can't be used for standard DNSSEC zone signing. If you withdraw a managed DNS Server from the HSM Security World and wish to repurpose it for standard DNSSEC, it must be re-imaged.
To disable HSM on managed DNS Servers:
- From the configuration drop-down menu, select a configuration.
- Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Under Servers, click the name of the managed DNS Server on which you wish to disable HSM.
- Click the DNS server name menu and select Edit.
- Under HSM Support, deselect the check box, Enable HSM Support. The Edit Server page refreshes to remove your HSM configuration and HSM drop-down menu.
- Under Change Control, add comments, if required.
- Click Update.
In the General section of the
Details tab, you will see Enable HSM Support: No —
this confirms that HSM has been disabled on the DNS Server.