Disable DNSSEC validation at equinix
authorTom Hughes <tom@compton.nu>
Tue, 7 Jan 2020 14:54:56 +0000 (14:54 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 7 Jan 2020 14:54:56 +0000 (14:54 +0000)
cookbooks/networking/attributes/default.rb
cookbooks/networking/templates/default/resolved.conf.erb
roles/equinix.rb

index f7db87730f14ded5b8d719defc7f30957d654a12..a98942e4bd8d42fc6589d79c52a7196fdfe035b2 100644 (file)
@@ -9,3 +9,4 @@ default[:networking][:firewall][:mangle] = true
 default[:networking][:interfaces] = {}
 default[:networking][:nameservers] = []
 default[:networking][:search] = []
+default[:networking][:dnssec] = "allow-downgrade"
index 035d692dfe515ef95af13a31347d5648f83b5b95..d57e78828ff1674412cf954c770d66c5d01d702f 100644 (file)
@@ -2,4 +2,4 @@
 DNS=<%= node[:networking][:nameservers].join(" ") %>
 FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
 Domains=<%= node[:networking][:search].join(" ") %>
-DNSSEC=allow-downgrade
+DNSSEC=<%= node[:networking][:dnssec] %>
index 5baba9ac043a385ec7f16735ec59b29cac2eff96..9318fb2d055eabf2509a62bbff476528532ef0ff 100644 (file)
@@ -4,6 +4,7 @@ description "Role applied to all servers at Equinix"
 default_attributes(
   :networking => {
     :nameservers => ["8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"],
+    :dnssec => "no",
     :roles => {
       :internal => {
         :inet => {