From 2f2bd6804c18cdddc86cb3883ff8482c7cc7612f Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Tue, 3 Jan 2023 13:11:55 +0100
Subject: [PATCH] unbound: small adjustments for debian update
---
 roles/unbound/tasks/main.yml | 7 +++++--
 roles/unbound/templates/fix-dns | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index d8d03e3..f3aacac 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -32,8 +32,11 @@
 src: files/dhclient.conf
 - name: configure system DNS
 copy:
- dest: /etc/resolv.conf
- content: "nameserver 127.0.0.2\n"
+ dest: "{{ item }}"
+ content: "nameserver 127.0.0.2\noptions trust-ad\noptions edns0\n"
+ loop:
+ - /etc/resolv.conf.unbound
+ - /etc/resolv.conf
 # some providers need extra hacks to make our DNS persistent
 - name: install DNS-fix cronjob
 template:
diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns
index ca7f860..f7b4bf2 100644
--- a/roles/unbound/templates/fix-dns
+++ b/roles/unbound/templates/fix-dns
@@ -2,9 +2,9 @@ set -e
 # Fix for some providers messing with DNS settings
-if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then
+if ! diff /etc/resolv.conf /etc/resolv.conf.unbound > /dev/null; then
 echo "Someone messed up our DNS! Fixing it..."
- echo "nameserver 127.0.0.2" > /etc/resolv.conf
+ cp /etc/resolv.conf.unbound /etc/resolv.conf
 {% if 'email' in group_names %}
 # Just to make sure postfix uses the new settings
 systemctl restart postfix
--
2.30.2
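Review bot: The `copy` task in this hunk sets no `mode`, `owner` or `group`, so the newly created `/etc/resolv.conf.unbound` gets whatever the defaults produce, even though fix-dns now treats that file as the trusted reference for the resolver configuration. Pinning it with `mode: "0644"`, `owner: root` and `group: root` under `copy:` would make both files root-writable only and world-readable regardless of umask. The added `options trust-ad` makes the glibc stub resolver believe the AD bit in replies, which is only sound while the sole nameserver is the local resolver on loopback and that resolver actually validates DNSSEC (not visible here); a comment above `content:` such as `# trust-ad is safe only because 127.0.0.2 is our own validating unbound` would keep a later edit from adding a remote nameserver next to it. The task list continues outside the hunk on both sides.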
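Review bot: Both the new `diff` and the new `cp` depend on `/etc/resolv.conf.unbound` existing and being non-empty, and nothing in the visible script checks that. If the reference file is missing, `diff` fails, the branch is taken, and `cp` aborts under `set -e` on every run; if it is empty or truncated, the script installs an empty resolver configuration. A guard ahead of the `if`, for example `[ -s /etc/resolv.conf.unbound ] || { echo "reference resolv.conf missing" >&2; exit 1; }`, makes that failure explicit, and `cmp -s /etc/resolv.conf /etc/resolv.conf.unbound` does the equality test without the redirect. If a provider replaces `/etc/resolv.conf` with a symlink, plain `cp` writes through it to the link target, so `cp --remove-destination` may be what is wanted here. The `if` block runs past the end of the hunk.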