Richard Frank
asked on
How can I distinguish the active KSK in DNSSEC?
I use Windows 2012 R2 as a DNS server.
After signing a domain, 4 DNS keys are generated:
2 KSKs and 2 ZSKs.
I have to publish one of the KSKs with the name provider for the chain of trust,
but I don't understand which one, because except for the public key the files are identical. So how can I find which key is active and which one is the rollover (standby) key?
When visiting dnsviz.com I can see that I have published the wrong key, see picture.
2017-03-14-14_24_36-DNSViz---Interne.png
The DNSSEC Properties page of a signed zone has a KSK tab that shows the GUIDs of the active and standby keys, but so far I haven't been able to locate those GUIDs anywhere else, so they aren't very useful. Are you able to simply publish both of them?
Asker found the solution.
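
One way to tell the two KSKs apart from their public keys alone, as an added example that is not part of the original thread: compute each DNSKEY's key tag (RFC 4034, Appendix B) and compare it with the key tag in the RRSIG that covers the zone's DNSKEY RRset, then build the DS record for the match. It assumes the active KSK is the one signing the DNSKEY RRset; the function names are hypothetical, and the zone name, 3-byte toy keys and signing tag are constructed sample values.

```python
import base64
import hashlib
import struct

def parse_dnskey(line):
    """Parse 'owner [ttl] [IN] DNSKEY flags proto alg base64...' (dig / zone-file form)."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    pubkey = base64.b64decode("".join(fields[i + 4:]))
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    return {"owner": fields[0].lower(), "flags": flags, "alg": alg, "rdata": rdata}

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical lowercase wire form of the owner name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_record(key):
    """DS record with a SHA-256 digest (digest type 2) of owner name + DNSKEY RDATA."""
    digest = hashlib.sha256(owner_wire(key["owner"]) + key["rdata"]).hexdigest().upper()
    return f'{key["owner"]} IN DS {key_tag(key["rdata"])} {key["alg"]} 2 {digest}'

def classify_ksks(dnskey_lines, signing_tags):
    """Split KSKs (SEP flag set) into (active, standby) by the RRSIG(DNSKEY) key tags."""
    ksks = [k for k in map(parse_dnskey, dnskey_lines) if k["flags"] & 0x0001]
    active = [k for k in ksks if key_tag(k["rdata"]) in signing_tags]
    standby = [k for k in ksks if key_tag(k["rdata"]) not in signing_tags]
    return active, standby

# Constructed sample: two KSKs (flags 257) and two ZSKs (flags 256) with toy keys.
SAMPLE = [
    "example.test. 3600 IN DNSKEY 257 3 8 AQAB",
    "example.test. 3600 IN DNSKEY 257 3 8 AQAC",
    "example.test. 3600 IN DNSKEY 256 3 8 AQAB",
    "example.test. 3600 IN DNSKEY 256 3 8 AQAD",
]
SIGNING_TAGS = {1545}  # constructed: key tag field of the RRSIG covering DNSKEY

if __name__ == "__main__":
    active, standby = classify_ksks(SAMPLE, SIGNING_TAGS)
    for k in active:
        print("ACTIVE ", ds_record(k))
    for k in standby:
        print("STANDBY", ds_record(k))
```

The DS line printed for the active key is the one to compare against what the parent zone currently publishes.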