Sign Reverse Lookup Zone

  1. Open Server Manager by selecting Start > Server Manager, then click Tools and open DNS Manager.

Server Manager

  1. In DNS Manager, browse to your domain name, then right-click Reverse Lookup Zone.

  2. Click DNSSEC and then click Sign the Zone.

Sign the Zone

  1. In the Zone Signing Wizard, click Next.

Zone Signing Wizard

  1. On the Signing Options interface, click Customize zone signing parameters, and then click Next.

Zone Signing Parameters

  1. On the Key Signing Key (KSK) Wizard, click Next.

Key Signing Key (KSK) Wizard

  1. On the Key Signing Key (KSK) Wizard, click Add.

Key Signing Key (KSK) Wizard

  1. On the New Key Signing Key (KSK) Wizard, in the Select a key storage provider to generate and store keys dropdown, select Utimaco CryptoServer Key Storage Provider.

  2. Provide other information such as Cryptographic Algorithm and Key Length and then click OK.

  3. Uncheck the rollover option.

New Key Signing Key (KSK) Wizard

Automatic Key Rollover is not supported with Utimaco HSM. The user has to manually roll over the keys before their expiry.

  1. On the Key Signing Key (KSK) Wizard, click Next.

Key Signing Key (KSK) Wizard

  1. On the Zone Signing Key (ZSK) Wizard, click Next.

Zone Signing Key Wizard

  1. On the Zone Signing Key (ZSK) Wizard, click Add.

  2. On the New Zone Signing Key (ZSK) Wizard, in the Select a key storage provider to generate and store keys dropdown, select Utimaco CryptoServer Key Storage Provider.

  3. Provide other information such as Cryptographic Algorithm and Key Length and then click OK.

  4. Uncheck the rollover option.

Zone Signing Key (ZSK) Wizard

Automatic Key Rollover is not supported with Utimaco HSM. The user has to manually roll over the keys before their expiry.

  1. On the Zone Signing Key (ZSK) Wizard, click Next.

Zone Signing Key (ZSK) Wizard

  1. On the Next Secure (NSEC) Wizard, select Use NSEC3, and then click Next.

Next Secure (NSEC) Wizard

  1. On the Trust Anchors (TAs) Wizard, check the Enable the distribution of trust anchors for this zone check box, and then click Next.

Trust Anchors (TAs) Wizard

  1. On the Signing and Polling Parameters wizard, click Next.

Signing and Polling Parameters Wizard

  1. On the DNS Security Extensions (DNSSEC) Wizard, click Next, and then click Finish.

DNS Security Extensions (DNSSEC) Wizard

Signing the Zone
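
A read-only check to run on the DNS server once the wizard has finished, confirming that the choices made in the steps above actually took effect. This is an added example, not part of the original guide or of Utimaco's tooling; it uses the Windows DnsServer PowerShell module, the zone name is a constructed placeholder, and the function name Test-HsmSignedZone is hypothetical.

```powershell
# Constructed placeholder: replace with your own reverse lookup zone.
$ZoneName    = '1.168.192.in-addr.arpa'
# KSP name as it appears in the wizard dropdown in the steps above.
$ExpectedKsp = 'Utimaco CryptoServer Key Storage Provider'

function Test-HsmSignedZone {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $ExpectedKsp
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # The zone itself must report as signed.
    $zone = Get-DnsServerZone -Name $ZoneName -ErrorAction Stop
    if (-not $zone.IsSigned) { $findings.Add('Zone is not signed') }

    # Both a KSK and a ZSK must exist.
    $keys = @(Get-DnsServerSigningKey -ZoneName $ZoneName -ErrorAction Stop)
    foreach ($type in 'KeySigningKey', 'ZoneSigningKey') {
        if (-not ($keys | Where-Object { "$($_.KeyType)" -eq $type })) {
            $findings.Add("No $type found for the zone")
        }
    }

    # Every key must live in the HSM provider, with automatic rollover off.
    foreach ($k in $keys) {
        $id = "$($k.KeyType) $($k.KeyId)"
        if ($k.KeyStorageProvider -ne $ExpectedKsp) {
            $findings.Add("${id}: stored in '$($k.KeyStorageProvider)', not the HSM provider")
        }
        if ($k.IsRolloverEnabled) {
            $findings.Add("${id}: automatic rollover is still enabled")
        }
    }

    # Zone-level choices from the NSEC and Trust Anchors pages of the wizard.
    $cfg = Get-DnsServerDnsSecZoneSetting -ZoneName $ZoneName -ErrorAction Stop
    if ("$($cfg.DenialOfExistence)" -ne 'NSec3') {
        $findings.Add("Denial of existence is '$($cfg.DenialOfExistence)', expected NSec3")
    }
    if ("$($cfg.DistributeTrustAnchor)" -notmatch 'DnsKey') {
        $findings.Add('Trust anchor distribution is not enabled')
    }
    return $findings
}

$result = @(Test-HsmSignedZone -ZoneName $ZoneName -ExpectedKsp $ExpectedKsp)
if ($result.Count -eq 0) { "OK: $ZoneName matches the signing configuration" } else { $result }
```

A key reported under any provider other than the Utimaco one was generated outside the HSM, so the zone should be unsigned and re-signed with the correct provider selected.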