Jump to: navigation, search

V4/DNSSEC

Name: V4/DNSSEC
Ticket: #3801
Target version: 4.1.0
Incomplete.png Pending review
Last updated: 2015-09-30 by Mbasti

Overview

The Domain Name System Security Extensions (DNSSEC) technology is a set of extensions to DNS allowing clients to check denial of existence and data integrity of the DNS query results.

Design

FreeIPA 4.0.0 introduced experimental DNSSEC implementation which provided only minimal user interface and depends on manual key management (done by administrator).

FreeIPA 4.1.0 and newer provides automatic key management (bind-dyndb-ldap's design page). Disadvantage of this approach is that one replica is single-point-of-failure (for key management). More information available here.

RFE Author

pspacek (talk)