no way to disable DNSSEC explicitly

Bug #1784599 reported by Nobuto Murata on 2018-07-31
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Designate-Bind Charm
Undecided
Nobuto Murata

Bug Description

In some cases, users might want to disable DNSSEC explicitly especially in restricted network which cannot reach to root DNS servers, or upstream DNS server in an organization does not support DNSSEC.

It would be nice if the charm offers a way to optionally disable DNSSEC.

Nobuto Murata (nobuto) on 2018-07-31
Changed in charm-designate-bind:
assignee: nobody → Nobuto Murata (nobuto)

Fix proposed to branch: master
Review: https://review.openstack.org/587511

Changed in charm-designate-bind:
status: New → In Progress

Reviewed: https://review.openstack.org/587511
Committed: https://git.openstack.org/cgit/openstack/charm-designate-bind/commit/?id=8d1285104a284ce0e1a073ae27c9f2d5cbb0603e
Submitter: Zuul
Branch: master

commit 8d1285104a284ce0e1a073ae27c9f2d5cbb0603e
Author: Nobuto Murata <email address hidden>
Date: Wed Aug 1 00:55:32 2018 +0900

    Allow disabling dnssec-validation

    This option may be helpful in a situation that upstream DNS servers do
    not support DNSSEC, and BIND9 reports "Unable to fetch DNSKEY". For
    production deployments, it's encouraged to keep DNSSEC enabled.

    Change-Id: I1c28a65ff7d8063ada795b7b2e962fbfedc32c3d
    Closes-Bug: #1784599

Changed in charm-designate-bind:
status: In Progress → Fix Committed
David Ames (thedac) on 2018-09-06
Changed in charm-designate-bind:
milestone: none → 18.08
James Page (james-page) on 2018-09-12
Changed in charm-designate-bind:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers