Bug 1258926
| Summary: | Remove 'DNSSEC is experimental' warnings | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Petr Vobornik <pvoborni> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | drieden, ksiddiqu, mbasti, mkosek, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.2.0-9.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-19 12:06:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Petr Vobornik
2015-09-01 14:25:19 UTC
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/740f7fd817b399dd1a546a20ab260ea3a6cd4ed2 ipa-4-2: https://fedorahosted.org/freeipa/changeset/cdad393413aeada5a33edcb2acc8de8f90667a89 Verified. Warning is removed now. [root@dhcp207-115 ~]# rpm -q ipa-server opendnssec bind bind-dyndb-ldap bind-pkcs11 ipa-server-4.2.0-12.el7.x86_64 opendnssec-1.4.7-3.el7.x86_64 bind-9.9.4-29.el7.x86_64 bind-dyndb-ldap-8.0-1.el7.x86_64 bind-pkcs11-9.9.4-29.el7.x86_64 [root@dhcp207-115 ~]# Snip from console output. -------------------------- [root@dhcp207-115 ~]# ipa-dns-install --dnssec-master --forwarder=10.65.201.89 --no-reverse -U The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup DNS for the IPA Server. This includes: * Configure DNS (bind) * Configure SoftHSM (required by DNSSEC) * Configure ipa-dnskeysyncd (required by DNSSEC) * Configure ipa-ods-exporter (required by DNSSEC key master) * Configure OpenDNSSEC (required by DNSSEC key master) * Generate DNSSEC master key (required by DNSSEC key master) NOTE: DNSSEC zone signing is not enabled by default Plan carefully, replacing DNSSEC key master is not recommended To accept the default shown in brackets, press the Enter key. Checking DNS forwarders, please wait ... Configuring DNS (named) [1/8]: generating rndc key file Done configuring DNS (named). Configuring DNS key synchronization service (ipa-dnskeysyncd) [1/7]: checking status Done configuring DNS key synchronization service (ipa-dnskeysyncd). Configuring IPA OpenDNSSEC exporter daemon (ipa-ods-exporter) [1/6]: checking status [6/6]: configuring DNS Key Exporter to start on boot Done configuring IPA OpenDNSSEC exporter daemon (ipa-ods-exporter). Configuring OpenDNSSEC enforcer daemon (ods-enforcerd) [1/8]: checking status Done configuring OpenDNSSEC enforcer daemon (ods-enforcerd). Restarting ipa-dnskeysyncd Restarting named ============================================================================== Setup complete Global DNS configuration in LDAP server is empty You can use 'dnsconfig-mod' command to set global DNS options that would override settings in local named.conf files You must make sure these network ports are open: TCP Ports: * 53: bind UDP Ports: * 53: bind Restarting the web server [root@dhcp207-115 ~]# Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2362.html |