DNSSEC: forwarders validation improvement
Some DNS servers behave oddly: instead of sending a result without RRSIG records, they don't reply at all when the DNSSEC flag is enabled (timeout). Instead of raising a hard error, IPA should handle this as a DNSSEC error and continue with installation/adding forwarders. Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
parent
a5ccdc16cb
commit
387a1513bb
@ -670,8 +670,7 @@ def validate_dnssec_global_forwarder(ip_addr, log=None, timeout=10):
|
||||
timeout=timeout)
|
||||
except DNSException as e:
|
||||
_log_response(log, e)
|
||||
raise UnresolvableRecordError(owner=owner, rtype=rtype, ip=ip_addr,
|
||||
error=e)
|
||||
raise DNSSECSignatureMissingError(owner=owner, rtype=rtype, ip=ip_addr)
|
||||
|
||||
try:
|
||||
ans.response.find_rrset(
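Review bot: The `except DNSException as e:` handler now turns every resolver failure into `DNSSECSignatureMissingError`, not only the timeout the commit message describes, so an unreachable forwarder or a malformed reply is reported as a forwarder that merely lacks DNSSEC support, and the original exception no longer travels with the raised error (the old `error=e` is gone). If callers downgrade DNSSEC errors to a warning, as the description implies, such a forwarder would be accepted on the strength of a misleading diagnosis. Consider catching only the timeout for the new mapping, `except dns.exception.Timeout as e:` followed by the `raise DNSSECSignatureMissingError(...)`, and leaving the broader `except DNSException` branch raising `UnresolvableRecordError(..., error=e)`; how `Timeout` would be imported in this module is not visible here. A short comment such as `# some servers drop queries with the DNSSEC flag set instead of answering unsigned` would explain why a timeout is treated as a DNSSEC failure. The function body starts and ends outside the hunk.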
|
||||
|