URL: https://github.com/freeipa/freeipa/pull/5880 Author: flo-renaud Title: #5880: Server install: do not use unchecked ip addr for ipa-ca record Action: opened PR body: """ At the end of a server installation, the DNS records for ipa-ca.$DOMAIN are created/updated with the IP addresses of the new server. The current code resolves the IP addresses of the new server but doesn't check them. This can result in the addition of a link-local address to ipa-ca record. For each address, make sure that it's neither reserved nor a link-local address. Fixes: https://pagure.io/freeipa/issue/8810 Signed-off-by: Florence Blanc-Renaud <flo(a)redhat.com&gt; """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5880/head:pr5880 git checkout pr5880