I am trying to test DNSSEC on a trial version before rolling it out on production appliance.
I have configured the Key signing key, Zone Signing key and mapped them to the DNSSEC Zone. However for some reason the DNSSEC zone is offline with error message: 'Offline (Enabled) - must contain at least one enabled KSK and enabled ZSK'
I have verified that the KSK and ZSK are both in enabled state. Any pointers on why this could be happening?
Did you find the answer on this? Playing in my lab and I get the same thing!
Below changes solved my problem:
- Ensure that at least one data center and a server object representing the BIG-IP device exist in the BIG-IP system configuration.
- The BIG IP device server object should be added with the self IP and not management IP
Thanks - will give it a try!