freeipa.git/install/share/bind.named.conf.template, branch fix_ber_scanf FreeIPA patches named.conf: Disable duplicate zone on debian, and modify data dir 2018-05-29T15:03:56+00:00 Timo Aaltonen tjaalton@debian.org 2017-03-29T15:17:28+00:00 c5ee8ae5297f1686f4af74e74c284860515c2dc6 zone already imported via default zones. Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com> 
zone already imported via default zones.

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Use system-wide crypto-policies on Fedora 2018-02-20T16:01:52+00:00 Christian Heimes cheimes@redhat.com 2018-02-09T10:50:32+00:00 90a75f0d4300126f18dabfb9ca4df59cab4d97cb HTTPS connections from IPA framework and bind named instance now use system-wide crypto-policies on Fedora. For HTTPS the 'DEFAULT' crypto policy also includes unnecessary ciphers for PSK, SRP, aDSS and 3DES. Since these ciphers are not used by freeIPA, they are explicitly excluded. See: https://bugzilla.redhat.com/show_bug.cgi?id=1179925 See: https://bugzilla.redhat.com/show_bug.cgi?id=1179220 Fixes: https://pagure.io/freeipa/issue/4853 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
HTTPS connections from IPA framework and bind named instance now use
system-wide crypto-policies on Fedora.

For HTTPS the 'DEFAULT' crypto policy also includes unnecessary ciphers
for PSK, SRP, aDSS and 3DES. Since these ciphers are not used by freeIPA,
they are explicitly excluded.

See: https://bugzilla.redhat.com/show_bug.cgi?id=1179925
See: https://bugzilla.redhat.com/show_bug.cgi?id=1179220
Fixes: https://pagure.io/freeipa/issue/4853
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
named.conf template: add modification warning 2017-05-23T10:37:48+00:00 Tomas Krizek tkrizek@redhat.com 2017-05-16T13:04:41+00:00 a924efe847e725d6a4dde209f57521a9a899ef23 Warn the user some modifications may break IPA setup or upgrade. All changes the user makes should be explicitly supported and mentioned in the documentation. Undocumented and unsupported changes, such as renaming dyndb part from "ipa" will break IPA. Signed-off-by: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Warn the user some modifications may break IPA setup or upgrade.
All changes the user makes should be explicitly supported and mentioned
in the documentation. Undocumented and unsupported changes, such as
renaming dyndb part from "ipa" will break IPA.

Signed-off-by: Tomas Krizek <tkrizek@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
named.conf template: update API for bind 9.11 2017-02-09T15:34:53+00:00 Tomas Krizek tkrizek@redhat.com 2016-12-19T12:12:19+00:00 e8a2abd548b594e6f22f38445ee32bcaa7f27303 Use the new API for bind 9.11. Removed deprecated "serial_autoincrement" and updated the rest of configuration to conform to the new format. This only fixes new IPA installations. For existing installations, named.conf will be transformed when the new version of bind-dyndb-ldap is installed. https://fedorahosted.org/freeipa/ticket/6565 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Use the new API for bind 9.11. Removed deprecated "serial_autoincrement"
and updated the rest of configuration to conform to the new format.

This only fixes new IPA installations. For existing installations,
named.conf will be transformed when the new version of bind-dyndb-ldap
is installed.

https://fedorahosted.org/freeipa/ticket/6565

Reviewed-By: Martin Basti <mbasti@redhat.com>
DNS Locations: dnsserver: use the newer config way in installer 2016-06-17T13:22:24+00:00 Martin Basti mbasti@redhat.com 2016-06-13T18:38:00+00:00 08265f1e92bd91d9e4ba3285b953ff9ccd79040b Store some parts of DNS configuration in LDAP tree instead of named.conf https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Store some parts of DNS configuration in LDAP tree instead of named.conf

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
DNS Locations: dnsserver: put server_id option into named.conf 2016-06-17T13:22:24+00:00 Martin Basti mbasti@redhat.com 2016-06-13T18:41:24+00:00 52590d6fa581e3b53e2c9350dc307a1f360c40a3 The option server_id is required for DNS location feature, otherwise it will not work. https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
The option server_id is required for DNS location feature, otherwise it
will not work.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Extend installers with --forward-policy option 2016-04-28T16:46:06+00:00 Petr Spacek pspacek@redhat.com 2016-03-01T10:13:18+00:00 89974548891baa6dbbab401913359e398a2cbc57 This option specified forward policy for global forwarders. The value is put inside /etc/named.conf. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 
This option specified forward policy for global forwarders.
The value is put inside /etc/named.conf.

https://fedorahosted.org/freeipa/ticket/5710

Reviewed-By: Martin Basti <mbasti@redhat.com>
DNSSEC: validate forwarders 2014-10-21T10:23:03+00:00 Martin Basti mbasti@redhat.com 2014-10-16T14:27:00+00:00 ca030a089f9e45a5dae5f6fb5993f4cc714f1ab2 Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
Make named.conf template platform independent 2014-10-14T11:55:02+00:00 Martin Basti mbasti@redhat.com 2014-10-02T14:31:24+00:00 7ad70025eb2deaf5c7c79149673dc2fbde2b7c2c Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com> 
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Add missing attributes to named.conf 2014-10-14T11:55:02+00:00 Martin Basti mbasti@redhat.com 2014-10-02T12:55:10+00:00 97195eb07cb70bfa8cb6e57977e59a871a8df3b4 Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com> 
Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>