View details of the specific keys, create an email message containing the key, perform an emergency key rollover, and delete the key.
Viewing key details
Review general information of a ZSK or KSK.
To view ZSK/KSK details:
- From the configuration drop-down menu, select a configuration.
- From the DNS or IP Space tab, navigate to a DNS zone or reverse zone.
- Select the DNSSEC tab.
-
Under Zone
Signing Keys or Key Signing Keys,
click the number of a key.
The General section shows the following information about the DNSSEC key:
- Object ID—the system identification number for the DNSSEC key.
- Active—indicates the status of the key. Yes indicates that the key is currently active. No indicates that the key is inactive; either its start time hasn't yet been reached, or its expiry date has elapsed.
- Algorithm—indicates the algorithm used to generate the key.
- Created Time—indicates the date and time the key was generated.
- Expiry Time—indicates the date and time at which the key expires.
- Key Tag—provides the key tag data for the key. The key tag is used during DNSSEC validation and when signing and resigning zones.
- Length (bits)—indicates the number of bits in the key.
- Public Key—displays the key text.
- Start Time—indicates the date and time for the beginning of the key’s validity period. The start time is always midnight of the day you created the key.
- TTL—indicates the TTL (time to live) for the key if an override TTL is specified when the key is created.