You can perform an emergency key rollover at the DNS zone or reverse zone level, or for one or both DNSSEC keys.
After performing an emergency key rollover, you must deploy the configuration to re-sign the zone on your servers.
When you perform the rollover at the zone or reverse zone level, all keys in the zone are affected.
To perform an emergency rollover for all keys in a zone:
- From the configuration drop-down menu, select a configuration.
- From the DNS or IP Space tab, navigate to a DNS zone or reverse zone.
- Select the DNSSEC tab.
- Click the DNS zone name, IPv4 block name, or IPv4 network name menu and select Emergency Rollover Active Keys.
- Under DNSSEC Key(s) Rollover, review the message to confirm that you have selected the correct items to roll over.
- Click Yes.