Alteon Application Switch Operating System Application Guide
Global Server Load Balancing
Document ID: RDWR-ALOS-V2900_AG1302 745
5. Export the KSK as text using the DS option.
Your zone is DNSSEC configured.
Notes
• The DS export is a manual process that needs administrator validation at both ends (the parent
and child zones).
• You can perform this procedure over a secure connection, such as HTTPS or SSH.
• Timers are defined per key, not globally.
• When working with GSLB and DNSSEC enabled, the configuration of remote sites must be
identical for all Alteons participating in the GSLB configuration (
/cfg/slb/gslb/site x). See
Example : Configuring Identical Remote Sites with GSLB and DNSSEC, page 745.
Example : Configuring Identical Remote Sites with GSLB and DNSSEC
There are 3 sites:
• Site A—Denver
• Site B—New York
• Site C—London
Although the configuration is asymmetric
• Site A holds www.denver.com
and www.london.com.
• Site B holds www.newyork.com
, www.denver.com and www.london.com.
• Site C holds www.London.com
and www.newyork.com.
In the site DSSP configuration, each site contains the configuration of the other sites (remote IP
address). The following is an example set of parameters of the Denver site:
All IP addresses of all the sites must be configured on all Alteons participating in the GSLB DNSSEC
configuration.
>> Main# /cfg/slb/gslb/dnssec/export
Select key ID to export: examplekey
Enter component type to export [Key|DNSKEY|ds-record]: ds-record
Exporting [ZSK | KSK] examplekey in PEM format.
Export to text or file [text|file]: text
-----BEGIN [KEY|ZONE] SIGNING KEY-----
# /cfg/slg/gslb/site 1 (London)
Remote site 1# prima 1.2.3.4 (London IP)
Remote site 1# ena
To Next Page
Loading...
