Bug 2084180
Summary: | [RFE] Add support for DNSSEC | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Florence Blanc-Renaud <frenaud> |
Component: | ipa | Assignee: | Florence Blanc-Renaud <frenaud> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | ipa-qe <ipa-qe> |
Severity: | unspecified | Docs Contact: | Filip Hanzelka <fhanzelk> |
Priority: | medium | ||
Version: | 9.0 | CC: | fhanzelk, jcholast, jgalipea, ksiddiqu, mkosek, mnavrati, nsoman, pasik, pspacek, pvoborni, rcritten, tbabej, thozza, tscherf |
Target Milestone: | rc | Keywords: | FutureFeature, TechPreview |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Technology Preview | |
Doc Text: |
.DNSSEC available as Technology Preview in IdM
Identity Management (IdM) servers with integrated DNS now implement DNS Security Extensions (DNSSEC), a set of extensions to DNS that enhance security of the DNS protocol. DNS zones hosted on IdM servers can be automatically signed using DNSSEC. The cryptographic keys are automatically generated and rotated.
Users who decide to secure their DNS zones with DNSSEC are advised to read and follow these documents:
* link:https://datatracker.ietf.org/doc/html/rfc6781[DNSSEC Operational Practices, Version 2]
* link:http://dx.doi.org/10.6028/NIST.SP.800-81-2[Secure Domain Name System (DNS) Deployment Guide]
* link:https://datatracker.ietf.org/doc/html/rfc7583[DNSSEC Key Rollover Timing Considerations]
Note that IdM servers with integrated DNS use DNSSEC to validate DNS answers obtained from other DNS servers. This might affect the availability of DNS zones that are not configured in accordance with recommended naming practices.
|
Story Points: | --- |
Clone Of: | 1115294 | Environment: | |
Last Closed: | 2022-06-22 15:07:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 829395, 1044159, 1044170, 1044171, 1061212, 1097749, 1097753, 1115294, 1117157, 1117174, 1119738, 1121658, 1122495, 1185880, 1193892, 1193942, 1196971, 1204100, 1261530 | ||
Bug Blocks: | 1181710, 1249775, 1664718 |
Description
Florence Blanc-Renaud
2022-05-11 15:23:47 UTC
The release notes for RHEL 9.0 [1] properly document that DNSSEC is available as Technology Preview in IdM. Closing as CURRENTRELEASE. [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/9.0_release_notes/index#technology-preview_identity-management |