From: Ralf Jung <post@ralfj.de>
Date: Thu, 21 Jun 2018 08:02:08 +0000 (+0200)
Subject: add script to continuously check DNS settings
X-Git-Url: https://git.ralfj.de/ansible.git/commitdiff_plain/95b82708df05b1794e7991904899659f2ddc40cd

add script to continuously check DNS settings
---

diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index c53cecb..988517f 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -34,3 +34,8 @@
   copy:
     dest: /etc/resolv.conf
     content: "nameserver 127.0.0.2\n"
+# some providers need extra hacks to make our DNS persistent
+- name: install DNS-fix cronjob
+  template:
+    dest: /etc/cron.hourly/fix-dns
+    src: templates/fix-dns
diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns
new file mode 100644
index 0000000..ca7f860
--- /dev/null
+++ b/roles/unbound/templates/fix-dns
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+# Fix for some providers messing with DNS settings
+if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then
+	echo "Someone messed up our DNS! Fixing it..."
+	echo "nameserver 127.0.0.2" > /etc/resolv.conf
+{% if 'email' in group_names %}
+	# Just to make sure postfix uses the new settings
+	systemctl restart postfix
+{% endif %}
+fi