On 29.12.2015 14:30, Günther J. Niederwimmer wrote:

Is it possible to install a DSNSEC Master with my before created KSK ZSK?


I have installed a IPA Master on my System now I have change the Hardware and
make a new installation with new Hardware?

I have only a backup from the Files in

When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the
Domain ?

Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(.

Thanks for a answer,

I'm not sure if this is possible,

IPA uses openDNSSEC, and it needs softhsm database and database of keys metadata, which are not located in /var/named/...

New installation of DNSSEC master will create new keys.

My colleague is more familiar with bind-dyndb-ldap, but he will be available after holidays too.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to