crypto-policies: Set ns01.iad2/ns02.iad2 to use DEFAULT:SHA1 crypto-policy
ns01 and ns02 are used by internal iad2 systems for dns resolution. This means bastion uses them for smtp outgoing at least. Lots of dnssec servers out there still are using SHA1 signatures, and without this the hosts will simply not resolve at all. So, until things are better we need to set these back to allow SHA1.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent 6fbab55010
commit ecce8cc965
|
@ -25,3 +25,11 @@
|
|||
tags:
|
||||
- crypto-policies
|
||||
- base/crypto-policies
|
||||
|
||||
- name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
|
||||
command: "update-crypto-policies --set DEFAULT:SHA1"
|
||||
when: inventory_hostname.startswith(('ns01.iad2','ns02.iad2'))
|
||||
check_mode: no
|
||||
tags:
|
||||
- crypto-policies
|
||||
- base/crypto-policies
|
||||
|
|
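Review bot: On the new `command:` task, `check_mode: no` combined with an unguarded `update-crypto-policies --set DEFAULT:SHA1` means the system-wide policy is rewritten even during a `--check` run, and the task reports "changed" on every play because there is no `changed_when` or precondition. Consider registering the output of `update-crypto-policies --show` in a preceding read-only task (that one can safely keep `check_mode: no`) and running the `--set` only when the result is not already `DEFAULT:SHA1`. Two smaller points: the task name says RHEL9 but the `when:` matches on hostname only, so adding a distribution major version condition would keep the SHA1 relaxation from following these hostnames onto a different release; and since the commit message describes this as temporary, a comment on the task saying why SHA1 is re-enabled and when it can be dropped would help whoever audits the crypto-policy exceptions later. The change also does not restart the resolver, so it is worth confirming the running service actually picks up the new policy without a restart or reboot.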