Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 998522

Summary: DNSSEC support for FreeIPA
Product: [Fedora] Fedora Reporter: Jaroslav Reznik <jreznik>
Component: Changes TrackingAssignee: Jaroslav Reznik <jreznik>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: jreznik, pspacek, tbabej
Target Milestone: ---Keywords: Tracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://fedorahosted.org/bind-dyndb-ldap/ticket/56
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1008203 1008204 (view as bug list) Environment:
Last Closed: 2014-12-08 15:25:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1097752, 1110720, 1121658, 1122486, 1123354, 1150396    
Bug Blocks: 1164044, 1008203, 1008204    

Description Jaroslav Reznik 2013-08-19 13:28:19 UTC 
This is a tracking bug for Change: DNSSEC support for FreeIPA
For more details, see: http://fedoraproject.org//wiki/Changes/IPAv3DNSSEC

FreeIPA with integrated DNS server will support serving of DNSSEC secured zones.
Comment 1 Tomas Babej 2013-08-28 14:22:11 UTC 
This feature is self-contained and not in a testable state yet. It is planned for FreeIPA 3.4 Beta release which is aligned with the F20 schedule.
Comment 2 Petr Spacek 2013-09-02 11:18:58 UTC 
It is possible that we will not be able to complete the feature in time for Fedora 20 beta.

From:
http://fedoraproject.org//wiki/Changes/IPAv3DNSSEC#Contingency_Plan
Contingency mechanism: Do not expose new feature in FreeIPA's user interface (i.e. revert patches for user interface)
Comment 3 Jaroslav Reznik 2013-09-04 12:28:20 UTC 
Ok, in case you won't be able to finish it by Beta Change Deadline (currently planned for 2013-10-08), let me know and put the bug to the NEW state, version to rawhide.

Thanks for update!
Comment 4 Jaroslav Reznik 2013-09-17 11:43:30 UTC 
(In reply to Petr Spacek from comment #2)
> It is possible that we will not be able to complete the feature in time for
> Fedora 20 beta.
> 
> From:
> http://fedoraproject.org//wiki/Changes/IPAv3DNSSEC#Contingency_Plan
> Contingency mechanism: Do not expose new feature in FreeIPA's user interface
> (i.e. revert patches for user interface)

Petr, do you have any updates?
Comment 5 Petr Spacek 2013-09-17 12:33:03 UTC 
I think that DNSSEC will not be prepared for Fedora 20 in time. Nothing should change from user's perspective (in comparison with Fedora 19). See the contingency plan: "Do not expose new feature in FreeIPA's user interface."
Comment 6 Petr Spacek 2013-10-02 08:39:01 UTC 
I'm moving the bug back to NEW/rawhide, because we are still missing user interface and key management.
Comment 7 Jaroslav Reznik 2014-10-20 14:11:58 UTC 
Hi Petr, how what's the status of this change for Fedora 21? I see a few dependencies not fulfilled yet, should I move it to Fedora 22? Thanks
Comment 8 Petr Spacek 2014-10-20 15:20:22 UTC 
Hello!

We are going to build new freeipa packages today or tomorrow. All the necessary packages are in Koji, we only have to sort out bureocracy around it in Bodhi.
Comment 9 Jaroslav Reznik 2014-10-21 11:53:24 UTC 
Thanks, based on it, I'm moving it to ON_QA.