1298102 – DNSSEC key purging is not handled properly

Bug 1298102 - DNSSEC key purging is not handled properly

Summary: DNSSEC key purging is not handled properly

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Picka
QA Contact:	Namita Soman
Docs Contact:
URL:
Whiteboard:
Depends On:	1296214
Blocks:
TreeView+	depends on / blocked

Reported:	2016-01-13 09:03 UTC by Jan Kurik
Modified:	2016-02-16 10:59 UTC (History)
CC List:	11 users (show)
Fixed In Version:	ipa-4.2.0-15.el7_2.4
Doc Type:	Bug Fix
Doc Text:	The ipa-ods-exporter utility and the ipa-dnskeysyncd daemon did not properly handle DNSSEC key purging, which is automatically done by the OpenDNSSEC Enforcer daemon 14 days after the particular key is no longer in use. Consequently, DNSSEC key synchronization stopped working 14 days after a key rotation. Because Zone Signing Key (ZSK) is rotated every 3 months, the problem typically occurred 3 months and 14 days after DNSSEC was enabled for the first DNS zone. With this update, ipa-ods-exporter and ipa-dnskeysyncd have been fixed to properly handle key purging, and key distribution now works as expected after a key purging event.
Clone Of:	1296214
Environment:
Last Closed:	2016-02-16 10:59:02 UTC
Target Upstream Version:

Attachments	(Terms of Use)
log (32.86 KB, text/plain) 2016-01-29 15:16 UTC, Pavel Picka	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0211	0	normal	SHIPPED_LIVE	ipa bug fix update	2016-02-16 15:57:02 UTC

Description Jan Kurik 2016-01-13 09:03:40 UTC

This bug has been copied from bug #1296214 and has been proposed
to be backported to 7.2 z-stream (EUS).

Comment 5 Pavel Picka 2016-01-29 15:16:43 UTC

Created attachment 1119450 [details]
log

VERIFIED

ipa-server-4.2.0-15.el7_2.5.x86_64

rotation ok

Comment 6 Petr Spacek 2016-02-08 12:46:16 UTC

The doc text looks okay.

Comment 8 errata-xmlrpc 2016-02-16 10:59:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0211.html

Note You need to log in before you can comment on or make changes to this bug.