FortiADC
gsharma
Staff
Article Id 309007
Description This article describes the lifetime of DNSSEC keys.
Scope FortiADC, FortiADC-VM.
Solution

When DNSSEC is enabled, communication between the FortiADC DNS server and any child DNS servers is secured. This is based on keys contained in delegation signer files (DSSET files).

 

In DNSSEC deployments, DSSET files are created automatically when the zone is signed through DNSSEC. These DNSSEC keys are perpetual and never expire.

 


 

The DSSET key contains the ZSK (Zone Signing Key) and the KSK (Key Signing Key).

Related document: 

Configuring the DSSET list
