See $SUBJECT. When running "ipa-dns-instal --dnssec-master" it failures saying "DNSSEC key master(s): <ipa server> Only one DNSSEC key master is supported ..."
The problem is that the server marked as DNSSEC master is failed, and (see other post) will not start dirsrv with what looks like a corruption in some files. I tried for quite a while to find a solution to recover the old replica, but I gave up. It's still "as is" but I hope to transfer it's responsibilities including DNSSEC to a new server before removing the old failed one. Hopefully someone has a link that documents this. All I find seems to insist I need to create a new DNSSEC master node first. I guess I can do that only if I totally remove the old failed server first. The key is that I cannot run any ipa-dns-commands on it, nor ipa-server commands - nothing is running, dirsrv fails starting right after the daemon is loaded but it then goes into a loop of not being able to find key DNs like hosts, users etc. Thanks! -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
