5. Export the KSK as text using the DS option.
>> Main# /cfg/slb/gslb/dnssec/export
Select key ID to export: examplekey
Enter component type to export [Key|DNSKEY|ds-record]: ds-record
Exporting [ZSK | KSK] examplekey in PEM format.
Export to text or file [text|file]: text
-----BEGIN [KEY|ZONE] SIGNING KEY-----
Your zone is DNSSEC configured.
Notes
•
The DS export is a manual process that needs administrator validation at both ends (the parent
and child zones).
•
You can perform this procedure over a secure connection, such as HTTPS or SSH.
•
Timers are defined per key, not globally.
•
When working with GSLB and DNSSEC enabled, the configuration of remote sites must be
identical for all Alteons participating in the GSLB configuration (
Example : Configuring Identical Remote Sites with GSLB and DNSSEC, page
Example
: Configuring Identical Remote Sites with GSLB and DNSSEC
There are 3 sites:
•
Site A—Denver
•
Site B—New York
•
Site C—London
Although the configuration is asymmetric
•
Site A holds
www.denver.com
•
Site B holds www.newyork.com,
•
Site C holds
www.London.com
In the site DSSP configuration, each site contains the configuration of the other sites (remote IP
address). The following is an example set of parameters of the Denver site:
# /cfg/slg/gslb/site 1 (London)
Remote site 1# prima 1.2.3.4
Remote site 1# ena
All IP addresses of all the sites must be configured on all Alteons participating in the GSLB DNSSEC
configuration.
Document ID: RDWR-ALOS-V2900_AG1302
Alteon Application Switch Operating System Application Guide
and www.london.com.
www.denver.com
and www.london.com.
and www.newyork.com.
(London IP)
Global Server Load Balancing
/cfg/slb/gslb/site x
745.
). See
745