On 28.2.2016 14:51, Peter Fern wrote:
> Hi all,
> A new KSK has been auto-generated, and it's transitioned through
> 'published' and is now sitting in the 'ready' state, but does not appear
> as a DNSKEY record on the zone. I can see that ods-enforcerd has picked
> up the state change correctly and logged a DSChanged event with the
> correct output for the new DNSKEY record, and it appears as expected in
> localhsm, but is not published on the zone.
> Running FreeIPA 4.3.0-1.fc23, anyone got pointers on how to proceed with
> the rollover?
I would recommend you to wait until fix
is released in 4.3.1 or so.
After that you can use procedure described on page
to run ds-seen command.
I hope this helps.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project