Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1115294
Summary: | [RFE] Add support for DNSSEC | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> | |
Component: | ipa | Assignee: | Martin Kosek <mkosek> | |
Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> | |
Priority: | medium | |||
Version: | 7.0 | CC: | drieden, fhanzelk, jcholast, jgalipea, ksiddiqu, mkosek, mnavrati, pasik, pspacek, pvoborni, rbiba, rcritten, tbabej | |
Target Milestone: | rc | Keywords: | FutureFeature, TechPreview | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-4.2.0-1.el7 | Doc Type: | Technology Preview | |
Doc Text: |
.DNSSEC available as Technology Preview in IdM
Identity Management (IdM) servers with integrated DNS now implement DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.
Users who decide to secure their DNS zones with DNSSEC are advised to read and follow these documents:
* link:http://tools.ietf.org/html/rfc6781#section-2[DNSSEC Operational Practices, Version 2]
* link:http://dx.doi.org/10.6028/NIST.SP.800-81-2[Secure Domain Name System (DNS) Deployment Guide]
* link:http://tools.ietf.org/html/rfc7583[DNSSEC Key Rollover Timing Considerations]
Note that IdM servers with integrated DNS use DNSSEC to validate DNS answers obtained from other DNS servers. This might affect the availability of DNS zones that are not configured in accordance with recommended naming practices described in the link:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Configure_Host_Names.html#sec-Recommended_Naming_Practices[Red Hat Enterprise Linux Networking Guide].
|
Story Points: | --- | |
Clone Of: | ||||
: | 1249775 1664718 2084180 (view as bug list) | Environment: | ||
Last Closed: | 2015-11-19 12:00:47 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 829395, 1044159, 1044170, 1044171, 1061212, 1097749, 1097753, 1117157, 1117174, 1119738, 1121658, 1122495, 1185880, 1193892, 1193942, 1196971, 1204100, 1261530 | |||
Bug Blocks: | 1181710, 1249775, 1664718, 2084180 |