F5 DNS Security Reports

The DNSSEC Dashboard for F5 offers visibility and insights into the management of DNSSEC Keys within F5 DNS. It provides information on the expiration status of KSK keys and trends regarding their expiry. Additionally, it presents a single view of the mapping between Zones and keys.

The following reports are available under the F5_DNSSEC tab:

• Total Zone Signing Keys: This metric displays the total number of Zone Signing Keys present across the F5 DNS managed in AppViewX.
• Total Key Signing Keys: This metric displays the total number of Key signing key present across the F5 DNS managed in AppViewX.
• KSK Expiry: This report displays the expiry status of the key signing keys. The different colored sections of the pie represent the expiry status of the KSKs. For example: valid, expired ,expiring in 30 days, 60 days, and 90 days.
• KSK Expiry Trend: This report displays the expiry trend of the key signing keys.
• KSK Rollover Report: The following grid displays the rollover and expiry dates for the KSKs along with the DS record that needs to be updated.
• Orphan Key Report: This report displays the key signing keys and zone signing keys that are not associated with any zone. The grid displays the name of the key(s) along with their status.
• DNSSEC Zone and Key Report: The DNSSEC zone and key grid displays all the zones with information on their status (enabled/disabled) and the associated Zone Signing Key and Key Signing Key.