URL:
https://github.com/freeipa/freeipa/pull/5880
Author: flo-renaud
Title: #5880: Server install: do not use unchecked ip addr for ipa-ca record
Action: opened
PR body:
"""
At the end of a server installation, the DNS records for
ipa-ca.$DOMAIN are created/updated with the IP addresses of the
new server.
The current code resolves the IP addresses of the new server
but doesn't check them. This can result in the addition of
a link-local address to ipa-ca record.
For each address, make sure that it's neither reserved nor a
link-local address.
Fixes:
https://pagure.io/freeipa/issue/8810
Signed-off-by: Florence Blanc-Renaud <flo(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5880/head:pr5880
git checkout pr5880