Use the Auto Generate Keys function when automatic key generation is disabled and you want to manually generate new keys for a signed DNS zone or reverse zone.
To be regenerated, keys must be within their Overlap Interval as defined in the key parameters in the DNSSEC signing policy. For information on setting the Overlap Interval, refer to Creating a DNSSEC Signing Policy.
After using the Auto Generate Keys function, you must deploy the configuration to re-sign the zone on your servers.
To generate new keys:
- From the configuration drop-down menu, select a configuration.
- From the DNS or IP Space tab, navigate to a DNS zone or reverse zone.
- Select the DNSSEC tab.
- Click the DNS zone name, IPv4 block name, or IPv4 network name menu and select Auto Generate Keys. A message appears and describes the results of the key generation:
  - New keys generated: "New keys were generated successfully."
  - No keys generated: "New keys were not generated because existing keys are valid."
- Click OK.
- Deploy DNS.
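
To confirm that the deployment in the last step published the new keys and re-signed the zone, you can compare `dig +dnssec +multi DNSKEY` answers saved before and after it. The script below is an added example, not part of the product or its documentation; the zone name, key ids, base64 strings and function names are constructed, and which keys you should expect to see depends on your signing policy.

```python
import re
from datetime import datetime, timezone

# Constructed sample answers from `dig +dnssec +multi DNSKEY example.com`.
# Zone, key ids and base64 strings are placeholders, not real key material.
BEFORE = """
example.com. 3600 IN DNSKEY 257 3 13 ( Q09OU1RSVUNURURLU0s=
        ) ; KSK; alg = ECDSAP256SHA256 ; key id = 2371
example.com. 3600 IN DNSKEY 256 3 13 ( Q09OU1RSVUNURURaU0sx
        ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 40012
example.com. 3600 IN RRSIG DNSKEY 13 2 3600 (
        20240601000000 20240501000000 2371 example.com.
        Q09OU1RSVUNURURTSUcx )
"""
AFTER = """
example.com. 3600 IN DNSKEY 257 3 13 ( Q09OU1RSVUNURURLU0s=
        ) ; KSK; alg = ECDSAP256SHA256 ; key id = 2371
example.com. 3600 IN DNSKEY 256 3 13 ( Q09OU1RSVUNURURaU0sx
        ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 40012
example.com. 3600 IN DNSKEY 256 3 13 ( Q09OU1RSVUNURURaU0sy
        ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 51880
example.com. 3600 IN RRSIG DNSKEY 13 2 3600 (
        20240615000000 20240515000000 2371 example.com.
        Q09OU1RSVUNURURTSUcy )
"""
DNSKEY_RE = re.compile(r"IN\s+DNSKEY\s+(\d+)\s+3\s+\d+\s+\([^)]*\)[^\n]*key id = (\d+)")
RRSIG_RE = re.compile(r"IN\s+RRSIG\s+\S+\s+\d+\s+\d+\s+\d+\s+\(?\s*(\d{14})\s+(\d{14})\s+(\d+)\s")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def published_keys(text):
    """Map key id -> 'KSK' or 'ZSK' (the SEP bit is the low bit of the flags)."""
    return {int(kid): "KSK" if int(flags) & 1 else "ZSK"
            for flags, kid in DNSKEY_RE.findall(text)}

def signatures(text):
    """Return (expiration, inception, signing key tag) for each RRSIG."""
    ts = lambda s: datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return [(ts(e), ts(i), int(tag)) for e, i, tag in RRSIG_RE.findall(text)]

def check_resign(before, after, now):
    old, new, sigs = published_keys(before), published_keys(after), signatures(after)
    newest = lambda t: max((i for _, i, _ in signatures(t)), default=EPOCH)
    return {
        "added": sorted(set(new) - set(old)),  # key ids that appeared
        # a signature whose key tag matches no published DNSKEY cannot validate
        "orphaned_sig_tags": sorted({t for _, _, t in sigs if t not in new}),
        "expired_sigs": sum(1 for exp, _, _ in sigs if exp <= now),
        "resigned": newest(after) > newest(before),  # newer RRSIG inception
    }
```

An empty `added` list together with `resigned` set to `False` matches the "New keys were not generated" outcome or a deployment that has not yet reached the server being queried.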