freeipa/ipaplatform/base
Cédric Jeanneret 6c27104467 Prevents DNS Amplification Attack and allow to customize named
While [1] did open recursion, it also opened widely a security flaw.

This patch intends to close it back, while allowing operators to easily
add their open configuration within Bind9.

In order to allow operators to still open Bind recursion, a new file is
introduced, "ipa-ext.conf" (path might change according to the OS). This
file is not managed by the installer, meaning changes to it won't be
overridden.
Since it's included at the very end of the main configuration file, it
also allows to override some defaults - of course, operators have to be
careful with that.

Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1754530
Fixes: https://pagure.io/freeipa/issue/8079

[1] 5f4c75eb28

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Stanislav Levin <slev@altlinux.org>
2019-11-12 10:49:49 +02:00
..
__init__.py ipaplatform: Create separate module for platform files 2014-06-16 19:48:17 +02:00
constants.py Fix test_webui.test_selinuxusermap 2019-07-15 14:41:23 +03:00
paths.py Prevents DNS Amplification Attack and allow to customize named 2019-11-12 10:49:49 +02:00
services.py Add conditional restart (try-restart) capability to services 2019-11-07 13:00:15 -05:00
tasks.py ipa-backup: backup the PKCS module config files setup by IPA 2019-09-22 20:29:41 +03:00