Resolving dnssec-enabled domains may fail after FreeIPA server upgrade to Fedora 35

issuebot · December 3, 2021, 1:03am

Problem

In automated testing of FreeIPA on Fedora 35, we found that upgrading a FreeIPA server with dnssec validation enabled to Fedora 35 may possibly break DNS resolution of hosts in dnssec-enabled domains.

This problem occurs in our automated testing environment, but has not yet been successfully replicated outside it, so it may be specific somehow to that environment.

Related Issues

Bugzilla report: #1999321

Workarounds

If after upgrading a FreeIPA server configured to act as a DNS server to Fedora 35 you find that you have problems when resolving hosts in dnssec-enabled domains, you can try disabling dnssec validation on the server:

ipa-dns-install --disable-dnssec-master

system · May 16, 2023, 3:20pm

This topic was automatically closed 5 minutes after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Network adress resolution problems caused by using systemd-resolved Ask Fedora f33 , f34 , systemd-resolved , networking	17	4974	February 6, 2024
After upgrade (F36), Lets Encrypt certificates not recognized Ask Fedora f35 , f36 , httpd , certbot , letencrypt	6	393	August 23, 2022
DNS not resolving on Fedora Server 39 Ask Fedora intel , f39 , server	1	1032	November 16, 2023
Creating network /home with FreeIPA and Fedora Ask Fedora	1	750	September 2, 2020
Cant enter in https://github.com/ after sudo dnf update Ask Fedora	6	710	February 6, 2022

Resolving dnssec-enabled domains may fail after FreeIPA server upgrade to Fedora 35

Problem

Related Issues

Workarounds

Related Topics