5.1. Trust Anchors
Next, create a trust anchor to validate DNS payloads in a DNSSEC response.
Begin by connecting to the BIG-IP via a web shell and running the commands shown below:
dig dnskey . | grep 257 > /root/dnskey.txt
dnssec-dsfromkey -f /root/dnskey.txt .
Navigate to: DNS ›› Caches : Cache List ›› validating-resolver_cache : Trust Anchors
Select the validating-resolver_cache and click "Trust Anchors".
Enter each DS record as a trust anchor.
When using TMSH, enter the DS records, each surrounded by double quotes (" "), and use the entire records from the output above for <key 1> and <key 2>:
tmsh modify ltm dns cache validating-resolver validating-resolver_cache trust-anchors replace-all-with { "<key 1>" "<key 2>" }
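One way to turn the `dnssec-dsfromkey` output into the TMSH command above, as an added example that is not part of the original lab or F5's code: it checks each DS record's shape and digest length, rejoins a digest that is split by whitespace, and prints the command without running it. The function names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not F5 code). Sample records are constructed, not real root keys.
SAMPLE_DS='. IN DS 12345 8 1 0123456789abcdef0123456789abcdef01234567
. IN DS 12345 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF'

# normalize_ds: read DS records on stdin, print one validated record per line.
# Exits non-zero if any line is not a well-formed root-zone DS record.
normalize_ds() {
    awk '
    NF == 0 || /^;/ { next }               # skip blank and comment lines
    {
        # Fields: owner IN DS key-tag algorithm digest-type digest...
        if ($1 != "." || $2 != "IN" || $3 != "DS" || NF < 7) { bad = 1; exit }
        if ($4 !~ /^[0-9]+$/ || $5 !~ /^[0-9]+$/) { bad = 1; exit }
        digest = ""
        for (i = 7; i <= NF; i++) digest = digest $i   # rejoin a split digest
        digest = toupper(digest)
        if (digest !~ /^[0-9A-F]+$/) { bad = 1; exit }
        want = 0                            # expected hex length per digest type
        if ($6 == 1) want = 40              # SHA-1
        if ($6 == 2) want = 64              # SHA-256
        if ($6 == 4) want = 96              # SHA-384
        if (want == 0 || length(digest) != want) { bad = 1; exit }
        print $1, $2, $3, $4, $5, $6, digest
    }
    END { exit bad }'
}

# build_tmsh_cmd: turn DS records on stdin into the tmsh command from this page.
# It only prints the command; review it before running it on the BIG-IP.
build_tmsh_cmd() {
    records=$(normalize_ds) || return 1
    [ -n "$records" ] || return 1          # refuse to emit an empty anchor set
    quoted=""
    while IFS= read -r rec; do
        quoted="$quoted \"$rec\""
    done <<EOF
$records
EOF
    printf '%s {%s }\n' \
        'tmsh modify ltm dns cache validating-resolver validating-resolver_cache trust-anchors replace-all-with' \
        "$quoted"
}

# On the BIG-IP: dnssec-dsfromkey -f /root/dnskey.txt . | build_tmsh_cmd
printf '%s\n' "$SAMPLE_DS" | build_tmsh_cmd
```

The `dig` query that produced the keys is itself unauthenticated, so compare the key tag and digest of each record with the root trust anchor that IANA publishes before applying the printed command.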