Title: #2310: ipa-server-install: do not perform forwarder validation with
When ipa-server-install is called -with --forwarder, it checks if the forwarder supports
- exits if the forwarder is not reachable or does not answer to a query for . SOA
- prints a warning if the forwarder does not support DNSSEC.
When the --no-dnssec-validation option is provided, the installer should not perform the
The commit also adds a test that simulates a non-responding forwarder. It would have been
too complex to setup a forwarder without DNSSEC support (i.e. a machine with BIND service
and /etc/named.conf containing `dnssec-enable no; dnssec-validation no;`).
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2310/head:pr2310
git checkout pr2310