DNSSEC DS creation for Parent Zone

Question

Hi,&nbsp;
I have configured/created the KSK/ZSK and DNSSEC Zone for our domain name (for example: dns.com.sg). It is enabled and active.&nbsp;
I tested it using dig command:&nbsp;
[admin@Active:In Sync] ~  dig @pridns.dns.com.sg  +dnssec +multiline dns.com.sg
I also tested it using one of the "Listeners" IP address:&nbsp;
[admin@Active:In Sync] ~  dig @1.1.1.1  +dnssec +multiline dns.com.sg
I seems to get the correct response as I can see the RRSIG values.&nbsp;
I also check the DNSSEC zone properties by issuing the below command.&nbsp;
list /ltm dns dnssec zone dns.com.sg all-properties
I can see both the DNSKEY and DS records.&nbsp;
Now my issue is I'm having trouble with regards to the DS record that we are "supposed" to submit to the parent domain.&nbsp;
Basically, the question is how do I submit the DS record to the parent domain? If the F5 is the same one that is holding the parent domain (dns.com.sg) do I still need to create a DS record for dns.com.sg? How about the child domain?&nbsp;
Currently, our F5-GTM is the primary DNS for all the internal domain and it is also the SOA for all our internal domain for both the parent and child domain (example: Parent: dns.com.sg, Child: abc.dns.com.sg). &nbsp;
Thank you&nbsp;

mubi · Answer

Dear LA,&nbsp;did you find the solution to your problem as i am also facing the issue&nbsp;

Forum Discussion

DNSSEC DS creation for Parent Zone

1 Reply

Recent Discussions

Rewrite uri translation not working

no available managed rule groups for Israel il-central-1

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Related Content

Enabling DNSSEC for 1 record only

The BIG-IP GTM: Configuring DNSSEC

AS3 Json for pool creation

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)

BIG-IP DNS DNSSEC and DKIM