diff options
author | Petr Spacek <pspacek@redhat.com> | 2016-04-28 22:19:03 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-30 20:14:32 +0200 |
commit | 6eb00561c0f85085d86f7be936b632ba017fc4f1 (patch) | |
tree | 2eff845941b55555c427d76458f0912bfc1d828f /ipaserver/install/bindinstance.py | |
parent | e45a80308c947a58c0fb5266d75eedc1d9aef321 (diff) | |
download | freeipa-6eb00561c0f85085d86f7be936b632ba017fc4f1.tar.gz freeipa-6eb00561c0f85085d86f7be936b632ba017fc4f1.tar.xz freeipa-6eb00561c0f85085d86f7be936b632ba017fc4f1.zip |
DNS upgrade: change global forwarding policy in named.conf to "only" if private IPs are used
This change is necessary to override automatic empty zone configuration
in latest BIND and bind-dyndb-ldap 9.0+.
This upgrade has to be done on each IPA DNS server independently.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index ec8526a8e..afcb6b0c1 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -32,6 +32,7 @@ import six from ipaserver.install import installutils from ipaserver.install import service +from ipaserver.install import sysupgrade from ipaserver.install.cainstance import IPA_CA_RECORD from ipapython import sysrestore, ipautil, ipaldap from ipapython import dnsutil @@ -1038,6 +1039,12 @@ class BindInstance(service.Service): section=NAMED_SECTION_OPTIONS, str_val=False) + # prevent repeated upgrade on new installs + sysupgrade.set_upgrade_state( + 'named.conf', + 'forward_policy_conflict_with_empty_zones_handled', True + ) + def __setup_resolv_conf(self): if not self.fstore.has_file(RESOLV_CONF): self.fstore.backup_file(RESOLV_CONF) |