From c2ac10968607d43ac53ecdc13f2ff0aa2ca60f36 Mon Sep 17 00:00:00 2001
From: "Sergey Bubnov (omg)"
Date: Sun, 30 Jun 2019 12:38:16 +0400
Subject: [PATCH] use static rndc.key; set localhost as a dns-resolver
---
 roles/bind-role/handlers/main.yml | 5 ++++
 roles/bind-role/tasks/main.yml | 33 ++++++++++++---------------
 roles/bind-role/templates/resolv.conf | 1 +
 roles/bind-role/templates/rndc.key.j2 | 4 ++++
 4 files changed, 24 insertions(+), 19 deletions(-)
 create mode 100644 roles/bind-role/templates/resolv.conf
 create mode 100644 roles/bind-role/templates/rndc.key.j2
diff --git a/roles/bind-role/handlers/main.yml b/roles/bind-role/handlers/main.yml
index 07a7439..8ab34e9 100644
--- a/roles/bind-role/handlers/main.yml
+++ b/roles/bind-role/handlers/main.yml
@@ -5,3 +5,8 @@
 service:
 name: "{{ bind_service }}"
 state: restarted
+
+- name: restart network
+ service:
+ name: network
+ state: restarted
diff --git a/roles/bind-role/tasks/main.yml b/roles/bind-role/tasks/main.yml
index deec983..2cc1037 100644
--- a/roles/bind-role/tasks/main.yml
+++ b/roles/bind-role/tasks/main.yml
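Review bot: The new `restart network` handler bounces every interface on what is a live DNS server just to pick up a one-line resolv.conf change, and a full `service network restart` can also drop the Ansible SSH session mid-play. If etcnet installs `/etc/net/ifaces/lo/resolv.conf` when the interface comes up — not verifiable from this patch — a narrower handler such as `command: sh -c 'ifdown lo && ifup lo'`, or `state: reloaded` if the network service supports it, would apply the change without taking the host off the network; please confirm against the etcnet documentation before keeping the full restart.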
@@ -57,28 +57,23 @@
 register: reverse_hashes_ipv6
 with_items: "{{ bind_zone_ipv6_networks }}"
-- name: Generate rndc.key
- shell: rndc-confgen -a -b 128 -c /etc/rndc.key -k rndc-key
- register: key_generated
- when: key_generated is not defined
-
-- name: "grab rndc.key"
- fetch:
- dest: "./.tmp/"
- src: "/etc/rndc.key"
- flat: true
- validate_checksum: false
- when: key_generated is defined
-
-- name: "put master rndc.key to slave"
- copy:
- src: "./.tmp/rndc.key"
- dest: "/etc/rndc.key"
+- name: put rndc.key
+ template:
+ src: rndc.key.j2
+ dest: /etc/rndc.key
 owner: root
 group: named
 mode: 0640
- force: yes
- when: key_generated is defined
+
+- name: purge resolv.conf from interface`s config
+ shell: find /etc/net/ifaces -name 'resolv.conf' -delete
+ changed_when: false
+
+- name: set DNS resolver to the localhost
+ template:
+ src: resolv.conf
+ dest: /etc/net/ifaces/lo/resolv.conf
+ notify: restart network
 - include_tasks: master.yml
 when: bind_zone_master_server_ip in ansible_all_ipv4_addresses
diff --git a/roles/bind-role/templates/resolv.conf b/roles/bind-role/templates/resolv.conf
new file mode 100644
index 0000000..bbc8559
--- /dev/null
+++ b/roles/bind-role/templates/resolv.conf
@@ -0,0 +1 @@
+nameserver 127.0.0.1
diff --git a/roles/bind-role/templates/rndc.key.j2 b/roles/bind-role/templates/rndc.key.j2
new file mode 100644
index 0000000..401acb2
--- /dev/null
+++ b/roles/bind-role/templates/rndc.key.j2
@@ -0,0 +1,4 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "{{bind.rndc_key}}";
+};
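Review bot: The `find /etc/net/ifaces -name 'resolv.conf' -delete` purge also removes `/etc/net/ifaces/lo/resolv.conf`, so the template task right after it recreates the file and reports changed on every run, which fires `restart network` on every play of this role against a running DNS server, while `changed_when: false` hides the deletion that caused it. The command uses no shell features, so at minimum it should be `command: find /etc/net/ifaces -name resolv.conf -not -path /etc/net/ifaces/lo/* -delete`; better is the idempotent `find` + `file` pair below, which only reports and notifies when a stray per-interface file was actually removed. Note also that the resolver is switched to 127.0.0.1 before `master.yml` (and presumably the slave tasks) are included, so if named is not yet configured and running at this point the host loses name resolution for the remainder of the play — the surrounding task order is outside this hunk, so please confirm.
```yaml
- name: find resolv.conf files in interface configs
  find:
    paths: /etc/net/ifaces
    patterns: resolv.conf
    recurse: true
  register: iface_resolv_conf

- name: purge resolv.conf from interface`s config
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ iface_resolv_conf.files }}"
  when: item.path != '/etc/net/ifaces/lo/resolv.conf'
  notify: restart network

# … unchanged: set DNS resolver to the localhost …
```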
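Review bot: The rendered resolv.conf contains only `nameserver 127.0.0.1`, so any period in which named is down — including the restart this role's own `restart bind` handler triggers — leaves the host with no name resolution at all and lookups hang for the default timeout. Since the file is deployed with `template:`, Jinja is available: on slaves a second line such as `nameserver {{ bind_zone_master_server_ip }}` (a variable this role already uses in the hunk above) would keep resolution working, and if a single resolver is intentional, `options timeout:1 attempts:2` makes failures surface quickly instead of stalling every process that resolves a name.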
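Review bot: The key statement uses `algorithm hmac-md5;`, the weakest HMAC BIND accepts for rndc and one that is unavailable when BIND is built against a crypto library running in FIPS mode; since this commit already replaces the per-host generated key with a templated one, this is the moment to switch to `algorithm hmac-sha256;` and make sure `bind.rndc_key` holds a base64 secret of matching length (for example the `secret` emitted by `rndc-confgen -A hmac-sha256 -b 256` on a version of rndc-confgen that supports `-A`). Because the secret is now one static value shared by the master and every slave instead of being generated per host, it should be defined in an ansible-vault encrypted vars file rather than plain group_vars — where it is defined is not shown in this patch. Whatever named.conf's `controls`/`key` configuration references must use the same algorithm and secret, which this diff also does not show; please verify that it includes `/etc/rndc.key` rather than carrying its own copy.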