From c4c3b940cff3a9cf4a9a309cd3bba9abbc23a533 Mon Sep 17 00:00:00 2001 From: Timo Aaltonen Date: Thu, 24 Sep 2015 13:27:23 +0300 Subject: [PATCH] platform, disable-dnssec-support.patch: Fix named.conf template. --- debian/changelog | 1 + debian/patches/add-debian-platform.diff | 13 +++++++++++++ debian/patches/disable-dnssec-support.patch | 19 ++++++++++++++++--- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index 25754be34..8d7b80669 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,7 @@ freeipa (4.1.4-1) UNRELEASED; urgency=medium * control: Bump python-nss depends. * freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling. * platform: Add DebianNamedService. + * platform, disable-dnssec-support.patch: Fix named.conf template. -- Timo Aaltonen Thu, 02 Apr 2015 13:16:49 +0300 diff --git a/debian/patches/add-debian-platform.diff b/debian/patches/add-debian-platform.diff index d425589d5..76fa52db4 100644 --- a/debian/patches/add-debian-platform.diff +++ b/debian/patches/add-debian-platform.diff @@ -555,3 +555,16 @@ Date: Fri Mar 1 12:21:00 2013 +0200 PIDFile=/var/run/ipa_memcached/ipa_memcached.pid ExecStart=/usr/bin/memcached -d -s $SOCKET_PATH -u $USER -m $CACHESIZE -c $MAXCONN -P /var/run/ipa_memcached/ipa_memcached.pid $OPTIONS +--- a/install/share/bind.named.conf.template ++++ b/install/share/bind.named.conf.template +@@ -38,10 +38,6 @@ logging { + }; + }; + +-zone "." IN { +- type hint; +- file "named.ca"; +-}; + + include "$RFC1912_ZONES"; + include "$ROOT_KEY"; diff --git a/debian/patches/disable-dnssec-support.patch b/debian/patches/disable-dnssec-support.patch index 88471b0e7..156b43abd 100644 --- a/debian/patches/disable-dnssec-support.patch +++ b/debian/patches/disable-dnssec-support.patch @@ -19,15 +19,28 @@ Subject: [PATCH] Disable DNSSEC support --- a/install/share/bind.named.conf.template +++ b/install/share/bind.named.conf.template -@@ -18,7 +18,7 @@ options { +@@ -18,12 +18,8 @@ options { pid-file "$NAMED_PID"; dnssec-enable yes; - dnssec-validation yes; + dnssec-validation no; - /* Path to ISC DLV key */ - bindkeys-file "$BINDKEYS_FILE"; +- /* Path to ISC DLV key */ +- bindkeys-file "$BINDKEYS_FILE"; +- +- managed-keys-directory "$MANAGED_KEYS_DIR"; + }; + + /* If you want to enable debugging, eg. using the 'rndc trace' command, +@@ -40,7 +36,6 @@ logging { + + + include "$RFC1912_ZONES"; +-include "$ROOT_KEY"; + + dynamic-db "ipa" { + library "ldap.so"; --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -23,8 +23,7 @@ from optparse import OptionGroup, SUPPRE