[Freeipa-users] dnssec support in 4.1
Martin Kosek
mkosek at redhat.com
Fri Jul 24 07:49:28 UTC 2015
On 07/22/2015 03:52 PM, Andrew E. Bruno wrote:
> On Wed, Jul 22, 2015 at 04:48:33PM +0300, Alexander Bokovoy wrote:
>> On Wed, 22 Jul 2015, Andrew E. Bruno wrote:
>>> Apologies if this has been answered before but we're interested in
>>> dnssec support in FreeIPA. Running Centos 7.1.1503, ipa-server 4.1.0-18
>>> and following the docs here:
>>> https://www.freeipa.org/page/Howto/DNSSEC
>>>
>>> and
>>>
>>> http://www.freeipa.org/page/Releases/4.1.0#DNSSEC_Support
>>>
>>> # ipa-dns-install --dnssec-master
>>> Usage: ipa-dns-install [options]
>>>
>>> ipa-dns-install: error: no such option: --dnssec-master
>>>
>>>
>>> Is this not supported in 4.1.0? If not, is there a manual way to get
>>> zone signing to work?
>> DNSSEC support is switched off in RHEL 7.1 (and CentOS 7.1) but is
>> available in Fedora 21+/upstream bits.
>>
>> We plan to bring DNSSEC support to next RHEL 7 update, thanks to
>> stabilization work done after RHEL 7.1 release.
>
> Sounds great. Thanks. Looking forward to the next update.
Cool! BTW, if you are interested in DNSSEC, we would really welcome your early
testing of the feature so that any potential issues can be caught even before
the bits hit RHEL/CentOS - there is still time.
More details about the release and repos where to get it:
http://www.freeipa.org/page/Releases/4.2.0
Martin
More information about the Freeipa-users
mailing list