freeipa/ipaplatform
Cédric Jeanneret 6c27104467 Prevents DNS Amplification Attack and allow to customize named
While [1] did open recursion, it also opened widely a security flaw.

This patch intends to close it back, while allowing operators to easily
add their open configuration within Bind9.

In order to allow operators to still open Bind recursion, a new file is
introduced, "ipa-ext.conf" (path might change according to the OS). This
file is not managed by the installer, meaning changes to it won't be
overridden.
Since it's included at the very end of the main configuration file, it
also allows to override some defaults - of course, operators have to be
careful with that.

Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1754530
Fixes: https://pagure.io/freeipa/issue/8079

[1] 5f4c75eb28

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2019-11-12 10:49:49 +02:00
..
base Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
debian Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
fedora Use nis-domainname.service on all RH platforms 2019-07-04 10:43:51 +02:00
redhat ipa-backup: backup the PKCS module config files setup by IPA 2019-09-22 20:29:41 +03:00
rhel Use nis-domainname.service on all RH platforms 2019-07-04 10:43:51 +02:00
__init__.py Refactor os-release and platform information 2018-08-30 11:37:21 +02:00
_importhook.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
constants.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
osinfo.py ipatests: remove all occurrences of osinfo.version_id 2019-03-01 08:38:11 +01:00
override.py.in Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
paths.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
services.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
tasks.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00