From f387cbe6f9d1e21cb46c7b9752735bf6ded176b7 Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Fri, 31 Aug 2018 10:09:15 +0200 Subject: [PATCH] ipa-server-install: do not perform forwarder validation with --no-dnssec-validation ipa-server-install is checking if the forwarder(s) specified with --forwarder argument support DNSSEC. When the --no-dnssec-validation option is added, the installer should not perform the check. Fixes: https://pagure.io/freeipa/issue/7666 Reviewed-By: Tibor Dudlak --- ipaserver/install/dns.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index cac7a9213796d6618854b12da6c2a7fe60afdbf9..e4f73ac025dfe8aa19ef99c8d0ab9379caa32610 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py @@ -293,8 +293,8 @@ def install_check(standalone, api, replica, options, hostname): # test DNSSEC forwarders if options.forwarders: - if (not bindinstance.check_forwarders(options.forwarders) - and not options.no_dnssec_validation): + if not options.no_dnssec_validation \ + and not bindinstance.check_forwarders(options.forwarders): options.no_dnssec_validation = True print("WARNING: DNSSEC validation will be disabled") -- 2.17.1