diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-06-04 17:53:34 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-06-05 08:41:46 +0200 |
| commit | c06cbb12ac2080e75578645b5e74adf7496de1fa (patch) | |
| tree | 021a48a1886b192f444e0384ad0aee432f17b2b7 /ipaserver/install/plugins/dns.py | |
| parent | 7d9abecbb6b2779e074616ca5563714d165bb49b (diff) | |
| download | freeipa-c06cbb12ac2080e75578645b5e74adf7496de1fa.tar.gz freeipa-c06cbb12ac2080e75578645b5e74adf7496de1fa.tar.xz freeipa-c06cbb12ac2080e75578645b5e74adf7496de1fa.zip | |
Fill new DNS zone update policy by default
For security reasons, dynamic updates are not enabled for new DNS
zones. In order to enable the dynamic zone securely, user needs to
allow dynamic updates and create a zone update policy.
The policy is not easy to construct for regular users, we should
rather fill it by default and let users just switch the policy
on or off.
https://fedorahosted.org/freeipa/ticket/2441
Diffstat (limited to 'ipaserver/install/plugins/dns.py')
| -rw-r--r-- | ipaserver/install/plugins/dns.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py index 928ecc06e..29b71dd9d 100644 --- a/ipaserver/install/plugins/dns.py +++ b/ipaserver/install/plugins/dns.py @@ -70,9 +70,9 @@ class update_dnszones(PostUpdate): # do not open zone transfers by default update['idnsallowtransfer'] = u'none;' - old_policy = util.gen_dns_update_policy(api.env.realm, ('A', 'AAAA')) + old_policy = util.get_dns_forward_zone_update_policy(api.env.realm, ('A', 'AAAA')) if zone.get('idnsupdatepolicy', [''])[0] == old_policy: - update['idnsupdatepolicy'] = util.gen_dns_update_policy(\ + update['idnsupdatepolicy'] = util.get_dns_forward_zone_update_policy(\ api.env.realm) if update: |