From 95b82708df05b1794e7991904899659f2ddc40cd Mon Sep 17 00:00:00 2001
From: Ralf Jung <post@ralfj.de>
Date: Thu, 21 Jun 2018 10:02:08 +0200
Subject: [PATCH] add script to continuously check DNS settings

---
 roles/unbound/tasks/main.yml    |  5 +++++
 roles/unbound/templates/fix-dns | 12 ++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 roles/unbound/templates/fix-dns

diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index c53cecb..988517f 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -34,3 +34,8 @@
   copy:
     dest: /etc/resolv.conf
     content: "nameserver 127.0.0.2\n"
+# some providers need extra hacks to make our DNS persistent
+- name: install DNS-fix cronjob
+  template:
+    dest: /etc/cron.hourly/fix-dns
+    src: templates/fix-dns
diff --git a/roles/unbound/templates/fix-dns b/roles/unbound/templates/fix-dns
new file mode 100644
index 0000000..ca7f860
--- /dev/null
+++ b/roles/unbound/templates/fix-dns
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+
+# Fix for some providers messing with DNS settings
+if ! diff /etc/resolv.conf <(echo "nameserver 127.0.0.2") > /dev/null; then
+	echo "Someone messed up our DNS! Fixing it..."
+	echo "nameserver 127.0.0.2" > /etc/resolv.conf
+{% if 'email' in group_names %}
+	# Just to make sure postfix uses the new settings
+	systemctl restart postfix
+{% endif %}
+fi
-- 
2.30.2