#5807 dnssec sign the phx2.fedoraproject.org subdomain
Closed: Fixed 7 years ago Opened 7 years ago by adamwill.

dnssec is enabled for fedoraproject.org as a whole, but the internal phx2.fedoraproject.org subdomain isn't signed. This means that when you set up a FreeIPA server in infra and use the infra DNS servers as DNS forwarders, your FreeIPA DNS server won't return any results for any hosts in phx2.fedoraproject.org by default (because it does dnssec validation by default).


dig dl.phx2.fedoraproject.org +sigchase @ns04.phx2.fedoraproject.org
....
;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS

This is now done.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

7 years ago

Login to comment on this ticket.

Metadata