The ansible-freeipa PR https://github.com/freeipa/ansible-freeipa/pull/1340 provided a hotfix for client, replica and server deployments with FreeIPA PR https://github.com/freeipa/freeipa/pull/7343 applied.

This ticket is about enabling the configuration of DNS-over-TLS.

Command line installer options that need to be added:

ipa-server-install/ipa-replica-install

    --dns-over-tls      Configure DNS over TLS

    --dot-forwarder=DOT_FORWARDERS
                        Add a DNS over TLS forwarder. This option can be used
                        multiple times
    --dns-over-tls-cert=DNS_OVER_TLS_CERT
                        Certificate to use for DNS over TLS. If empty, a new
                        certificate will be requested from IPA CA
    --dns-over-tls-key=DNS_OVER_TLS_KEY
                        Key for certificate specified in --dns-over-tls-cert
    --dns-policy={relaxed,enforced}
                        Encrypted DNS policy

ipa-client-install

    --dns-over-tls      Configure DNS over TLS