unbound: small adjustments for debian update

diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index d8d03e3dd0f84f98a1d6ebf17f2ca9fa93dc2406..f3aacac435c6509c6abb24054a4b6ce42e27f3b1 100644 (file)
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -32,8 +32,11 @@
     src: files/dhclient.conf
 - name: configure system DNS
   copy:
-    dest: /etc/resolv.conf
-    content: "nameserver 127.0.0.2\n"
+    dest: "{{ item }}"
+    content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n"
+  loop:
+  - /etc/resolv.conf.unbound
+  - /etc/resolv.conf
 # some providers need extra hacks to make our DNS persistent
 - name: install DNS-fix cronjob
   template:

diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns
index ca7f860df582eb6e5d4f4a67b679f1d01ebf7ce2..f7b4bf2ceeec299cb9c845a948a34ddd865ac159 100644 (file)
--- a/roles/unbound/templates/fix-dns
+++ b/roles/unbound/templates/fix-dns
@@ -2,9 +2,9 @@
 set -e
 
 # Fix for some providers messing with DNS settings
-if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then
+if ! diff /etc/resolv.conf /etc/resolv.conf.unbound > /dev/null; then
        echo "Someone messed up our DNS! Fixing it..."
-       echo "nameserver 127.0.0.2" > /etc/resolv.conf
+       cp /etc/resolv.conf.unbound /etc/resolv.conf
 {% if 'email' in group_names %}
        # Just to make sure postfix uses the new settings
        systemctl restart postfix