Use the DNSSEC Validation and DNSSEC Trust Anchors deployment options to configure DNSSEC validation manually.
The DNSSEC Validation deployment option enables the server to respond to DNS requests from DNSSEC-aware servers. This option can be set at the configuration, view, or server levels, and it should be set for any server to which signed zones are deployed.
The DNSSEC Trust Anchors deployment option provides the public keys for trusted zones. Use this option to create a DNSSEC trusted anchor. This option is set at the server level. When setting DNSSEC Trust Anchors, you will need the KSKs for the trusted zones from the zone administrators.
To set the DNSSEC Validation deployment option:
- Select the Servers tab. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
- Under Servers, click a server name. The Details tab for the server opens.
- Click the Deployment Options tab.
- Under Deployment Options, click New and select DNS Option.
- From the Option list, select DNSSEC Validation. The fields for the DNSSEC Validation option appear.
- Select the Enabled check box (selected by default). If disabling DNSSEC, edit this option and deselect the Enabled check box.
- Under Change Control, add comments, if required.
- Click Add.