platform, disable-dnssec-support.patch: Fix named.conf template.

debian/changelog

@@ -23,6 +23,7 @@ freeipa (4.1.4-1) UNRELEASED; urgency=medium
   * control: Bump python-nss depends.
   * freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
   * platform: Add DebianNamedService.
+  * platform, disable-dnssec-support.patch: Fix named.conf template.
 
  -- Timo Aaltonen <tjaalton@debian.org>  Thu, 02 Apr 2015 13:16:49 +0300
 

debian/patches/add-debian-platform.diff

@@ -555,3 +555,16 @@ Date:   Fri Mar 1 12:21:00 2013 +0200
  PIDFile=/var/run/ipa_memcached/ipa_memcached.pid
  ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS
  
+--- a/install/share/bind.named.conf.template
++++ b/install/share/bind.named.conf.template
+@@ -38,10 +38,6 @@ logging {
+ 	};
+ };
+ 
+-zone "." IN {
+-	type hint;
+-	file "named.ca";
+-};
+ 
+ include "$RFC1912_ZONES";
+ include "$ROOT_KEY";

debian/patches/disable-dnssec-support.patch

@@ -19,15 +19,28 @@ Subject: [PATCH] Disable DNSSEC support
 
 --- a/install/share/bind.named.conf.template
 +++ b/install/share/bind.named.conf.template
-@@ -18,7 +18,7 @@ options {
+@@ -18,12 +18,8 @@ options {
  	pid-file "$NAMED_PID";
  
  	dnssec-enable yes;
 -	dnssec-validation yes;
 +	dnssec-validation no;
  
- 	/* Path to ISC DLV key */
- 	bindkeys-file "$BINDKEYS_FILE";
+-	/* Path to ISC DLV key */
+-	bindkeys-file "$BINDKEYS_FILE";
+-
+-	managed-keys-directory "$MANAGED_KEYS_DIR";
+ };
+ 
+ /* If you want to enable debugging, eg. using the 'rndc trace' command,
+@@ -40,7 +36,6 @@ logging {
+ 
+ 
+ include "$RFC1912_ZONES";
+-include "$ROOT_KEY";
+ 
+ dynamic-db "ipa" {
+ 	library "ldap.so";
 --- a/install/tools/ipa-dns-install
 +++ b/install/tools/ipa-dns-install
 @@ -23,8 +23,7 @@ from optparse import OptionGroup, SUPPRE