[Freeipa-users] DNSSEC Question (KSK ZSK)
Simo Sorce
simo at redhat.com
Tue Dec 29 16:36:32 UTC 2015
On Tue, 2015-12-29 at 14:30 +0100, Günther J. Niederwimmer wrote:
> Hello,
>
> Is it possible to install a DSNSEC Master with my before created KSK ZSK?
>
> Background:
>
> I have installed a IPA Master on my System now I have change the Hardware and
> make a new installation with new Hardware?
Unless you want to trash your current install for some reason, it would
be easier to simply create an ipa replica on the new hardware so that
all keys get transferred too.
When you retire your old master you will have to reconfigure the
remaining replica to become the server that rotate the DNS keys.
> I have only a backup from the Files in
> /var/named/dyndb-ldap/ipa/master/example.com/keys/
>
> When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the
> Domain ?
If you have already destroyed your original master it is probably easier
to just regenerate all keys and upload the new public keys on the glue
record of the delegating provider.
Simo.
> Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(.
>
> Thanks for a answer,
>
> --
> mit freundlichen Grüßen / best regards,
>
> Günther J. Niederwimmer
>
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list