F21 Self Contained Change: DNSSEC support for FreeIPA
jreznik at redhat.com
Wed Mar 26 14:46:08 UTC 2014
= Proposed Self Contained Change: DNSSEC support for FreeIPA =
Change owner(s): Petr Špaček <pspacek at redhat.com>
FreeIPA with integrated DNS server will support serving of DNSSEC secured
zones and automatic DNSSEC key maintenance.
This first version will have only the very basic functionality with limited
user interface and limited resiliency. Next versions (to be delivered in
Fedora 22 time frame) will improve resiliency and user interface
== Detailed Description ==
DNS server integrated to FreeIPA in Fedora 20 is not able to serve signed DNS
zones. New version of FreeIPA and bind-dyndb-ldap adds support for DNSSEC.
Zone maintenance (like perioding zone re-signing etc.) will be handled
automatically, so the administrative overhead should be minimal.
== Scope ==
* Proposal owners: This change requires major rewrite of bind-dyndb-ldap
package, some isolated changes in packages freeipa* and it's integration with
OpenDNSSEC for key rotation.
* Other developers: FreeIPA team has to prepare user interface for this
feature. (not a System Wide Change)
* Release engineering: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
More information about the devel-announce