Bug #720

open

Bind9 KASP Migration Problems

Added by Marc Dequènes about 3 years ago. Updated over 2 years ago.

Status: In Progress
Priority: Low
Category: Service :: DNS
Start date: 2018-05-07
Due date:
% Done: 0%
Estimated time: (Total: 0:00 h)
Patch Available:
Confirmed: No
Branch:
Entity: DuckCorp
Security:
Help Needed:

Description

This is the migration from the preliminary DNSSEC implementation called `dnssec-keymgr` to the integrated KASP scheduler with `dnssec-policy`.

We encountered a few bugs or limitations (the latter being expected improvements from the old system that are still dearly lacking):

Features we really need:
  • publishing of CDS/CDNSKEY handled by KASP
  • automate using published CDS/CDNSKEY in parent zones we manage: created support with a crontab in the bind9 role
  • notify Bind when the DS is published/withdrawn: I guess we would need to make a script since it's probably gonna take some time before it's added upstream
  • automate using published CDS/CDNSKEY in parent zones we do not manage: currently Gandi, either with the old XMLRPC API or maybe change registrar
  • rewrite the rollover notification script for KASP (needed until all is automated and to check all is fine)

Subtasks 1 (1 open, 0 closed)

Enhancement #623: Use Gandi API to automate DNSSEC KSK rollover | Blocked | 2018-05-07

#1

Updated by Marc Dequènes about 3 years ago

  • Description updated

#2

Updated by Marc Dequènes almost 3 years ago

  • Description updated
  • Status changed from New to In Progress

#3

Updated by Marc Dequènes over 2 years ago

  • Description updated