DNSSEC Config

Question

Hi Everyone,&nbsp;
I would like to have the input from the experts here.... regarding DNS and DNSSEC... if I am using F5 GTM as an authoritative DNS for my Domain what are the things I have to get done on the ISP side or Domain registrar side. Also if I configure DNSSEC on GTM do I need to get anything configured on the ISP end?? Pls provide your input with practical experiences.&nbsp;
Regards,&nbsp;

gsharri · Answer

After generating the keys and creating the DNSSEC zone on GTM you will need to submit the DS (delegation signer) record to your parent dns domain. See Sol12981&nbsp;
As long as the parent domains are signed also you should be good to go.&nbsp;

techgeeeg · Answer

Thanks Scott can you elaborate more on submitting the DS record to the parent DNS domain?? I have my domain e.g "company.com" registered with a Domain registrar and there I have the NS IP's defined which are the SELF IP's of GTM and Listener are created on the same IP as well. Now this DS will be submitted to my domain registrar? That's what you are saying???

gsharri · Answer

Your domain registrar must support DNSSEC and the parent domain, .com in your example, must support DNSSEC. The DS record for company.com must be found in .com so clients can verify your signed resource records.&nbsp;
See these links for examples of the process and requirements: Domain Registrars and DS Record step-by-step&nbsp;

techgeeeg · Answer

Thanks Scott that really helped&nbsp;

Forum Discussion

DNSSEC Config

4 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Enabling DNSSEC for 1 record only

The BIG-IP GTM: Configuring DNSSEC

BIG-IP DNS DNSSEC and DKIM

virtual server config

Lightboard Lessons: DNSSEC