From 2f2bd6804c18cdddc86cb3883ff8482c7cc7612f Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Tue, 3 Jan 2023 13:11:55 +0100
Subject: [PATCH] unbound: small adjustments for debian update

---
 roles/unbound/tasks/main.yml    | 7 +++++--
 roles/unbound/templates/fix-dns | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index d8d03e3..f3aacac 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -32,8 +32,11 @@
     src: files/dhclient.conf
 - name: configure system DNS
   copy:
-    dest: /etc/resolv.conf
-    content: "nameserver 127.0.0.2\n"
+    dest: "{{ item }}"
+    content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n"
+  loop:
+  - /etc/resolv.conf.unbound
+  - /etc/resolv.conf
 # some providers need extra hacks to make our DNS persistent
 - name: install DNS-fix cronjob
   template:
diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns
index ca7f860..f7b4bf2 100644
--- a/roles/unbound/templates/fix-dns
+++ b/roles/unbound/templates/fix-dns
@@ -2,9 +2,9 @@
 set -e
 
 # Fix for some providers messing with DNS settings
-if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then
+if ! diff /etc/resolv.conf /etc/resolv.conf.unbound > /dev/null; then
 	echo "Someone messed up our DNS! Fixing it..."
-	echo "nameserver 127.0.0.2" > /etc/resolv.conf
+	cp /etc/resolv.conf.unbound /etc/resolv.conf
 {% if 'email' in group_names %}
 	# Just to make sure postfix uses the new settings
 	systemctl restart postfix
-- 
2.30.2