URL:
https://github.com/freeipa/freeipa/pull/2310
Author: flo-renaud
Title: #2310: ipa-server-install: do not perform forwarder validation with
--no-dnssec-validation
Action: opened
PR body:
"""
When ipa-server-install is called -with --forwarder, it checks if the forwarder supports
DNSSEC and:
- exits if the forwarder is not reachable or does not answer to a query for . SOA
- prints a warning if the forwarder does not support DNSSEC.
When the --no-dnssec-validation option is provided, the installer should not perform the
check.
The commit also adds a test that simulates a non-responding forwarder. It would have been
too complex to setup a forwarder without DNSSEC support (i.e. a machine with BIND service
and /etc/named.conf containing `dnssec-enable no; dnssec-validation no;`).
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2310/head:pr2310
git checkout pr2310