a9704de FreeIPA: disable dnssec validation till weird bug is fixed

Authored and Committed by adamwill 3 years ago
    FreeIPA: disable dnssec validation till weird bug is fixed
    
    I noticed today that if we deploy FreeIPA with dnssec validation
    enabled, dnf can't resolve dl.fedoraproject.org afterwards, which
    is a problem because it means we wind up falling through to
    random mirrors for metadata and package download once the server
    is deployed, which can be slow and give old packages. This seems
    to be why the server upgrade test on F33 is sometimes failing
    because we get an older FreeIPA package on upgrade, even though
    the newer one has been stable for a week.
    
    It's difficult to pin down exactly where this bug is and fix it,
    I've mailed some folks to try and work it out, but until that's
    figured out, let's just disable dnssec validation.
    
    Signed-off-by: Adam Williamson <awilliam@redhat.com>
    
        
file modified
+1 -1