On 29.12.2015 17:36, Simo Sorce wrote:
On Tue, 2015-12-29 at 14:30 +0100, Günther J. Niederwimmer wrote:

Is it possible to install a DSNSEC Master with my before created KSK ZSK?


I have installed a IPA Master on my System now I have change the Hardware and
make a new installation with new Hardware?
Unless you want to trash your current install for some reason, it would
be easier to simply create an ipa replica on the new hardware so that
all keys get transferred too.

When you retire your old master you will have to reconfigure the
remaining replica to become the server that rotate the DNS keys.
If you still have accessible master, create new replica with DNS, CA(if master has CA too).

Please follow following guide to migrate DNSSEC master


I have only a backup from the Files in

When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the
Domain ?
If you have already destroyed your original master it is probably easier
to just regenerate all keys and upload the new public keys on the glue
record of the delegating provider.


Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(.

Thanks for a answer,

mit freundlichen Grüßen / best regards,

   Günther J. Niederwimmer

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to