freeipa

Clone
Source Code
GIT

#6223 Support DNSSEC key import / migration from non-IPA DNSSEC solution
Opened 7 years ago by pspacek. Modified 3 years ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid

A Fedora user was able to import DNSSEC keys from non-IPA DNSSEC solution into FreeIPA. This required quite a lot of manual steps and fiddling with values in OpenDNSSEC database:
https://www.redhat.com/archives/freeipa-users/2016-August/msg00278.html

The proces can be made much smoother with just few tweaks in existing FreeIPA & SoftHSM code. We should do this to enable actual DNSSEC users to migrate to FreeIPA, which will make adoption easier.

User story

I'm DNS administrator in an organization which is about to deploy FreeIPA. I want to use FreeIPA DNS to get tight integration and remove some of the maintenance burden from me.

My existing system is using DNSSEC. I want to migrate to FreeIPA and import existing DNSSEC keys so the system continues working after the migration.

Metadata Update from @pspacek:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog
7 years ago

Metadata Update from @mbasti:
- Issue assigned to tkrizek (was: mbasti)
- Issue close_status updated to: None
6 years ago

Metadata Update from @tkrizek:
- Assignee reset
5 years ago

Metadata Update from @frenaud:
- Issue set to the milestone: DNSSEC (was: FreeIPA 4.5 backlog)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
normal
None
None
None
None
enhancement
None
None
DNS
None
0
dnssec
None
None
None
todo
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.