539d469 Split named custom config to allow changes in options stanza

10 files Authored by carbenium 3 years ago, Committed by abbra 3 years ago,
    Split named custom config to allow changes in options stanza
    
    Upgrade path to add additional include to named.conf is not handled.
    
    Remove bindkeys-file directive from named config
    The ISC DVL service was shut down (https://www.isc.org/bind-keys/).
    BIND versions since April 2017 (i.e. 9.9.10, 9.10.5, 9.11.1 and later)
    include a hard-coded copy of the root KSK which gets updates automatically
    according to RFC 5011.
    
    Move dnssec-enable directive to custom named config
    
    Move comment named config being managed by FreeIPA to the top
    
    Move settings which could be changed by administrators to
    ipa-options-ext.conf. Settings defined there are sole responsibility of the
    administrator. We do not check if they might collide with our settings in
    named.conf.
    
    Fixes: https://pagure.io/freeipa/issue/8287
    Co-authored-by: Peter Keresztes Schmidt <carbenium@outlook.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    
        
file modified
+2 -0
file modified
+1 -0
file modified
+3 -0
file modified
+1 -0