[Freeipa-users] DNSSEC Question (KSK ZSK)
Martin Basti
mbasti at redhat.com
Tue Dec 29 16:39:01 UTC 2015
On 29.12.2015 14:30, Günther J. Niederwimmer wrote:
> Hello,
>
> Is it possible to install a DNSSEC Master with my previously created KSK ZSK?
>
> Background:
>
> I have installed an IPA Master on my system; now I have changed the hardware and
> made a new installation with new hardware.
>
> I only have a backup of the files in
> /var/named/dyndb-ldap/ipa/master/example.com/keys/
>
> When I now enable a new DNSSEC Master, does FreeIPA create new KSK ZSK for the
> domain?
>
> Then I have to wait until after the holidays to update the DS record at my ISP :-(.
>
> Thanks for an answer,
>
I'm not sure if this is possible.
IPA uses OpenDNSSEC, and it needs the SoftHSM database and the database of key
metadata, which are not located in /var/named/...
A new installation of the DNSSEC master will create new keys.
My colleague is more familiar with bind-dyndb-ldap, but he will be
available after the holidays too.