Bug 1260209 - oo-install should have an option to not use DNSSEC for an external BIND server. [NEEDINFO]
oo-install should have an option to not use DNSSEC for an external BIND server.
Status: CLOSED DEFERRED
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
2.2.0
Unspecified Unspecified
low Severity medium
: ---
: ---
Assigned To: Timothy Williams
Ma xiaoqiang
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-04 14:24 EDT by Ricardo Martinelli de Oliveira
Modified: 2016-07-03 20:45 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-04-18 15:46:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
erich: needinfo? (rmartine)


Attachments (Terms of Use)

  None (edit)
Description Ricardo Martinelli de Oliveira 2015-09-04 14:24:23 EDT
Description of problem:
oo-install by default demands a DNSSEC key, and configures DNSSEC by default. It should have an option to not use DNSSEC for an external BIND server.
Comment 3 Timothy Williams 2016-04-18 15:46:53 EDT
Its a fundamental requirement in our installation steps (even without oo-install) to install named with a DNSSEC key:

https://github.com/openshift/openshift-extras/blob/enterprise-2.2/enterprise/install-scripts/generic/openshift.sh#L2987-L3001

We don't recommend installing without a DNSSEC key due to security concerns. The configuration can be changed after the fact to be insecure. At this time, we are not going to go back and make this change.

Note You need to log in before you can comment on or make changes to this bug.