Creating a DNSSEC KSK Rollover Alarm
Create an alarm on a DNSSEC enabled zone that lets you know when the zone's key-signing key (KSK) needs to be rolled over.
Using the Console
- Open the navigation menu and click Observability & Management. Under Monitoring, click Alarm Definitions.
- Click Create Alarm.
- Enter a user friendly name for the alarm. For example, "DNSSEC KeyVersion Requires Promotion." Avoid entering confidential information.
- For Severity, select Critical.
- For Alarm body, enter the human-readable content of the notification for this condition (trigger rule). For example, "One or more DNSSEC enabled zones has a KSK version that requires promotion. Follow these instructions to promote KSKs, maintain a strong security posture, and avoid disruptions.
-
In the Metric description area, enter values to specify the metric to evaluate for the alarm.
- Compartment: Select the compartment that contains the resources that emit the metrics evaluated by the alarm. The selected compartment is also the storage location of the alarm. By default, the first accessible compartment is selected.
- Metric namespace:
oci_dns
. - Metric name:
DaysUntilDnssecKeyVersionExpiration
- Interval:
5 minutes.
- Statistic:
Count
.
-
In the Metric dimensions area, specify the following filters:
- Dimension name:
requiresPromotion
. - Dimension value:
true
.
- Dimension name:
-
In the Destination area under Define alarm notifications, select the provider of the destination to use for alarm notifications.
- Destination service: Select one of the following values:
- Notifications: Send alarm notifications to a topic. Each subscription in the topic receives an alarm message.
- Streaming: Send alarm messages to a stream.
Note
If you expect more than 60 messages per minute, select Streaming. For more information, see Alarm Message Limits. - Compartment: Select the compartment that contains the resources that emit the metrics evaluated by the alarm. The selected compartment is also the storage location of the alarm. By default, the first accessible compartment is selected.
- Stream (for Streaming only): The stream to use for alarm notifications.
- Topic (for Notifications only): The topic to use for notifications. Each topic supports one or more subscription protocols, such as PagerDuty.
- To create a new topic (and a new subscription) in the selected compartment, click Create a topic and then enter the following values:
- Topic name: A user-friendly name for the topic. For example, enter: "Operations Team" for a topic used to notify operations staff of firing alarms. Avoid entering confidential information.
- Topic description: Description of the new topic.
- Subscription protocol: Medium of communication to use for the new topic. Select the type of subscription that you want to create, then enter values in the associated fields. For details about each subscription type, click the links.
- Email: Enter an email address.
- Function: Select the compartment and application that contain the function that you want, and then select the function.
- HTTPS (Custom URL): Enter the URL that you want to use as the endpoint.
- PagerDuty: Enter the integration key portion of the URL for the PagerDuty subscription. (The other portions of the URL are hard-coded.)
- Slack: Enter the Slack endpoint, including the webhook token.
- SMS: Select the country for the phone number, and then enter the phone number, using E.164 format. Example: +14255550100
- Destination service: Select one of the following values:
- For Message grouping, select Split notifications per metric stream: Individually track metric status by metric stream. Send a message when metric status for each metric stream changes. For an example, see Scenario: Split Messages by Metric Stream.
-
For Message Format, select an option for the appearance of messages that you receive from this alarm (for Notifications only).
- Send formatted messages: Simplified, user-friendly layout. To view supported subscription protocols and message types for formatted messages (options other than Raw), see Friendly formatting.
- Send Pretty JSON messages (raw text with line breaks): JSON with new lines and indents.
- Send raw messages: Raw JSON blob.
- Click Save alarm.