Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters

DNSSEC Configuration issue

Hi Team,

I am trying to test DNSSEC on a trial version before rolling it out on production appliance. I have configured the Key signing key, Zone Signing key and mapped them to the DNSSEC Zone. However for some reason the DNSSEC zone is offline with error message: 'Offline (Enabled) - must contain at least one enabled KSK and enabled ZSK'

I have verified that the KSK and ZSK are both in enabled state. Any pointers on why this could be happening?

Best Regards,
Shridhar Acharya

Rate this Question
Comments on this Question
Comment made 1 month ago by Gordon Bailey-McEwan

Did you find the answer on this? Playing in my lab and I get the same thing!

Comment made 1 month ago by Shridhar21389 54

Below changes solved my problem:
- Ensure that at least one data center and a server object representing the BIG-IP device exist in the BIG-IP system configuration.
- The BIG IP device server object should be added with the self IP and not management IP

Comment made 1 month ago by Gordon Bailey-McEwan

Thanks - will give it a try!


Answers to this Question