From: Ralf Jung Date: Tue, 3 Jan 2023 12:11:55 +0000 (+0100) Subject: unbound: small adjustments for debian update X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/2f2bd6804c18cdddc86cb3883ff8482c7cc7612f?ds=inline;hp=f95ae12f32d451750876153716f75f553c86d603 unbound: small adjustments for debian update --- diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml index d8d03e3..f3aacac 100644 --- a/roles/unbound/tasks/main.yml +++ b/roles/unbound/tasks/main.yml @@ -32,8 +32,11 @@ src: files/dhclient.conf - name: configure system DNS copy: - dest: /etc/resolv.conf - content: "nameserver 127.0.0.2\n" + dest: "{{ item }}" + content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n" + loop: + - /etc/resolv.conf.unbound + - /etc/resolv.conf # some providers need extra hacks to make our DNS persistent - name: install DNS-fix cronjob template: diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns index ca7f860..f7b4bf2 100644 --- a/roles/unbound/templates/fix-dns +++ b/roles/unbound/templates/fix-dns @@ -2,9 +2,9 @@ set -e # Fix for some providers messing with DNS settings -if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then +if ! diff /etc/resolv.conf /etc/resolv.conf.unbound > /dev/null; then echo "Someone messed up our DNS! Fixing it..." - echo "nameserver 127.0.0.2" > /etc/resolv.conf + cp /etc/resolv.conf.unbound /etc/resolv.conf {% if 'email' in group_names %} # Just to make sure postfix uses the new settings systemctl restart postfix