A Fedora user was able to import DNSSEC keys from a non-IPA DNSSEC solution into FreeIPA. This required quite a lot of manual steps and fiddling with values in the OpenDNSSEC database: https://www.redhat.com/archives/freeipa-users/2016-August/msg00278.html
The process can be made much smoother with just a few tweaks in the existing FreeIPA & SoftHSM code. We should do this to enable actual DNSSEC users to migrate to FreeIPA, which will make adoption easier.
I'm a DNS administrator in an organization which is about to deploy FreeIPA. I want to use FreeIPA DNS to get tight integration and remove some of the maintenance burden from me.
My existing system is using DNSSEC. I want to migrate to FreeIPA and import existing DNSSEC keys so the system continues working after the migration.
Metadata Update from @pspacek: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.5 backlog
Metadata Update from @mbasti: - Issue assigned to tkrizek (was: mbasti) - Issue close_status updated to: None
Metadata Update from @tkrizek: - Assignee reset
Metadata Update from @frenaud: - Issue set to the milestone: DNSSEC (was: FreeIPA 4.5 backlog)