Managing DNSSEC keys - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

View details of the specific keys, create an email message containing the key, perform an emergency key rollover, and delete the key.

Viewing key details

Review general information of a ZSK or KSK.

To view ZSK/KSK details:

  1. From the configuration drop-down menu, select a configuration.
  2. From the DNS or IP Space tab, navigate to a DNS zone or reverse zone.
  3. Select the DNSSEC tab.
  4. Under Zone Signing Keys or Key Signing Keys, click the number of a key.
    The General section shows the following information about the DNSSEC key:
    • Object ID—the system identification number for the DNSSEC key.
    • Active—indicates the status of the key. Yes indicates that the key is currently active. No indicates that the key is inactive; either its start time hasn't yet been reached, or its expiry date has elapsed.
    • Algorithm—indicates the algorithm used to generate the key.
    • Created Time—indicates the date and time the key was generated.
    • Expiry Time—indicates the date and time at which the key expires.
    • Key Tag—provides the key tag data for the key. The key tag is used during DNSSEC validation and when signing and resigning zones.
    • Length (bits)—indicates the number of bits in the key.
    • Public Key—displays the key text.
    • Start Time—indicates the date and time for the beginning of the key’s validity period. The start time is always midnight of the day you created the key.
    • TTL—indicates the TTL (time to live) for the key if an override TTL is specified when the key is created.