DescriptionFlorence Blanc-Renaud
2022-08-23 11:32:57 UTC
This BZ is a tracker for dnssec-related issues on fedora 37.
Currently we are seeing 2 different types of failures:
- on an IPA server with dnssec-validation enabled, openQA detects a failure enrolling freeipa client because of DNS issues (the DNS resolution fails for kojipkgs.fedoraproject.org)
- on an IPA server with DNSSEC enabled, enabling zone signing for a given zone does not create the DNSKEY records and the zone is not signed.
Relevant BZ:
#2117859 - FreeIPA client enrolment fails due to DNS issues with openssl-pkcs11-0.4.12-2.fc37 on server
#2117342 - dnssec-keyfromlabel fails with fatal: failed to get key dnssec.test/RSASHA256: no engine
#2115865 - dnssec-keyfromlabel fails with openssl-pkcs11-0.4.12-1.fc36
When the above BZs are fixed, freeipa will need to bump its "Requires:" for bind and openssl-pkcs11 packages.
Comment 1Florence Blanc-Renaud
2022-11-22 08:08:19 UTC
FreeIPA spec file has bumped the required bump version:
master:
dface55 Spec file: bump bind version on f37+
ipa-4-10:
1dfb5d5 Spec file: bump bind version on f37+
Comment 2Florence Blanc-Renaud
2023-02-07 16:22:02 UTC
The 3 bugs tracked by this BZ have been closed as fixed, hence I'm also closing this one.