Link to home
Create AccountLog in
Avatar of Richard Frank
Richard FrankFlag for Netherlands

asked on

How can I distinguish the active ksk dnssec

I use windows 2012r2 as DNS server.
After signing a domain 4 DNS keys are generated
2 ksk and 2 zsk
I have to publish one of the ksk with the nameprovider for the chain of trust.
but I don't understand which one, because except the public key the files are identical. So how can I find which key is active and which one is the roll over(standby) key?
When visiting dnsviz.com I can see that I have published the wrong key, see picture.
2017-03-14-14_24_36-DNSViz---Interne.png
Avatar of DrDave242
DrDave242
Flag of United States of America image

The DNSSEC Properties page of a signed zone has a KSK tab that shows the GUIDs of the active and standby keys, but so far I haven't been able to locate those GUIDs anywhere else, so they aren't very useful. Are you able to simply publish both of them?
ASKER CERTIFIED SOLUTION
Avatar of Richard Frank
Richard Frank
Flag of Netherlands image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Asker found the solution.