Managing HSM-enabled DNS servers - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Product name
BlueCat Integrity

With HSM-enabled DNS Servers now managed by Address Manager, you can perform several maintenance operations if needed, such as disabling, enabling, and replacing DNS Servers, editing, and deleting DNS Servers, and disabling HSM on managed DNS Servers.

Note: A managed BlueCat DNS Server can perform zone signing using either DNSSEC-HSM or standard DNSSEC—not both. Once a BlueCat DNS Server has been configured for HSM zone signing, it can't be used for standard DNSSEC zone signing. If a DNS Server configured for HSM must be repurposed for standard DNSSEC, it must be re-imaged.
Note: Once you have enabled HSM on your managed DNS Servers and they have joined the HSM Security World, connectivity between the managed DNS Servers and at least one HSM Server is required at all times. That is, connectivity between a managed DNS Server and the HSM Server is necessary during all normal operations of the DNS Server and not only with DNSSEC-HSM zone signing. This is to ensure correct operation of DNS service.