Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

DNSSEC Configuration issue

Hi Team,

I am trying to test DNSSEC on a trial version before rolling it out on production appliance. I have configured the Key signing key, Zone Signing key and mapped them to the DNSSEC Zone. However for some reason the DNSSEC zone is offline with error message: 'Offline (Enabled) - must contain at least one enabled KSK and enabled ZSK'

I have verified that the KSK and ZSK are both in enabled state. Any pointers on why this could be happening?

Best Regards,
Shridhar Acharya

0
Rate this Question
Comments on this Question
Comment made 1 month ago by Gordon Bailey-McEwan

Did you find the answer on this? Playing in my lab and I get the same thing!

0
Comment made 1 month ago by Shridhar21389 54

Below changes solved my problem:
- Ensure that at least one data center and a server object representing the BIG-IP device exist in the BIG-IP system configuration.
- The BIG IP device server object should be added with the self IP and not management IP

0
Comment made 1 month ago by Gordon Bailey-McEwan

Thanks - will give it a try!

0

Answers to this Question