- Resolves: RHEL-106285 Incorrect use of external IdP GitHub trademark - Resolves: RHEL-106026 Include fixes in python3-ipatests package - Resolves: RHEL-105512 kdb: prevent double crash in RBCD ACL free - Resolves: RHEL-101707 ipatests: use "sos report" instead of "sosreport" command - Resolves: RHEL-101544 ipa-client-encrypted-dns does not ensure bind-utils >= 9.18 for DoT-compatible nsupdate - Resolves: RHEL-100450 eDNS: multiple issues during encrypted DNS setup Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
From a6ae9f740991888bede82884bd9609db220430e3 Mon Sep 17 00:00:00 2001
From: Antonio Torres <antorres@redhat.com>
Date: Mon, 23 Jun 2025 10:49:34 +0200
Subject: [PATCH] dns: only overwrite resolv.conf during eDNS setup when needed
Don't overwrite resolv.conf if it already points to 127.0.0.1. This
ensures compatibility with read-only containers.
Fixes: https://pagure.io/freeipa/issue/9813
Signed-off-by: Antonio Torres <antorres@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
---
ipaserver/install/dns.py | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 9740faeddb244a56b2dc8a274ff82158f6dd2204..0f7a3073f4de1641afb7fdfa77413b978fd23974 100644
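--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -33,7 +33,7 @@ from ipapython import ipautil
 from ipapython import dnsutil
 from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
 from ipapython.dn import DN
-from ipapython.dnsutil import check_zone_overlap
+from ipapython.dnsutil import check_zone_overlap, get_ipa_resolver
 from ipapython.install import typing
 from ipapython.install.core import group, knob
 from ipapython.admintool import ScriptError
@@ -171,17 +171,19 @@ def _setup_dns_over_tls(options):
 f.write("\n".join(dns_none))
 nm.reload_or_restart()
 
- # Overwrite resolv.conf to point to IPA
+ # Ensure resolv.conf points to IPA
 cfg = [
 "# auto-generated by IPA installer",
 "search .",
 "nameserver 127.0.0.1\n"
 ]
- fstore = sysrestore.FileStore(paths.SYSRESTORE)
- fstore.backup_file(paths.RESOLV_CONF)
- with open(paths.RESOLV_CONF, 'w') as f:
- f.write('\n'.join(cfg))
- os.chmod(paths.RESOLV_CONF, 0o644)
+ nameservers = get_ipa_resolver().nameservers
+ if not nameservers or nameservers[0] != "127.0.0.1":
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ fstore.backup_file(paths.RESOLV_CONF)
+ with open(paths.RESOLV_CONF, 'w') as f:
+ f.write('\n'.join(cfg))
+ os.chmod(paths.RESOLV_CONF, 0o644)
 
 services.knownservices.unbound.enable()
 services.knownservices.unbound.restart()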
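Review bot: The new guard `if not nameservers or nameservers[0] != "127.0.0.1":` in the second hunk inspects only the first resolver, so a resolv.conf that lists 127.0.0.1 first and other servers after it is now left in place, where the old code always replaced it with the loopback-only `cfg`. If those extra entries are ordinary resolvers, the stub resolver can fall back to them when unbound is slow or down, and lookups would then leave the host outside the DNS-over-TLS path this function sets up. Consider requiring an exact match, `if len(nameservers) != 1 or nameservers[0] != "127.0.0.1":`, and logging when a non-conforming file cannot be rewritten (the read-only case), so the weaker state is visible rather than silent. What get_ipa_resolver() parses is not shown here (presumably resolv.conf), and _setup_dns_over_tls starts and ends outside the hunk, so confirm against the full function.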
--
2.50.1