With HSM-enabled DNS Servers now managed by Address Manager, you can perform several maintenance operations if needed, such as disabling, enabling, and replacing DNS Servers, editing, and deleting DNS Servers, and disabling HSM on managed DNS Servers.
Note: A managed BlueCat DNS Server
can perform zone signing using either DNSSEC-HSM or standard DNSSEC—not both.
Once a BlueCat DNS Server has been configured for HSM zone signing, it can't be used
for standard DNSSEC zone signing. If a DNS Server configured for HSM must be
repurposed for standard DNSSEC, it must be re-imaged.
Note: Once you have enabled HSM on your
managed DNS Servers and they have joined the HSM Security World, connectivity
between the managed DNS Servers and at least one HSM Server is required at all
times. That is, connectivity between a managed DNS Server and the HSM Server
is necessary during all normal operations of the DNS Server and not only with
DNSSEC-HSM zone signing. This is to ensure correct operation of DNS
service.