journalwatch: allow more TLS errors
[ansible.git] / roles / unbound / tasks / main.yml
index 988517f4acd6deeddda51c42011ec57a5714ddaa..f3aacac435c6509c6abb24054a4b6ce42e27f3b1 100644 (file)
     src: files/dhclient.conf
 - name: configure system DNS
   copy:
-    dest: /etc/resolv.conf
-    content: "nameserver 127.0.0.2\n"
+    dest: "{{ item }}"
+    content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n"
+  loop:
+  - /etc/resolv.conf.unbound
+  - /etc/resolv.conf
 # some providers need extra hacks to make our DNS persistent
 - name: install DNS-fix cronjob
   template:
     dest: /etc/cron.hourly/fix-dns
     src: templates/fix-dns
+    mode: +x