use static rndc.key; set localhost as a dns-resolver

roles/bind-role/handlers/main.yml

@@ -5,3 +5,8 @@
   service:
     name: "{{ bind_service }}"
     state: restarted
+
+- name: restart network
+  service:
+    name: network
+    state: restarted

roles/bind-role/tasks/main.yml

@@ -57,28 +57,23 @@
   register: reverse_hashes_ipv6
   with_items: "{{ bind_zone_ipv6_networks }}"
 
-- name: Generate rndc.key
+- name: put rndc.key
-  shell: rndc-confgen -a -b 128 -c /etc/rndc.key -k rndc-key
+  template:
-  register: key_generated
+    src: rndc.key.j2
-  when: key_generated is not defined
+    dest: /etc/rndc.key
-
-- name: "grab rndc.key"
-  fetch:
-    dest: "./.tmp/"
-    src: "/etc/rndc.key"
-    flat: true
-    validate_checksum: false
-  when: key_generated is defined
-
-- name: "put master rndc.key to slave"
-  copy:
-    src: "./.tmp/rndc.key"
-    dest: "/etc/rndc.key"
     owner: root
     group: named
     mode: 0640
-    force: yes
+
-  when: key_generated is defined
+- name: purge resolv.conf from interface`s config
+  shell: find /etc/net/ifaces -name 'resolv.conf' -delete
+  changed_when: false
+
+- name: set DNS resolver to the localhost
+  template:
+    src: resolv.conf
+    dest: /etc/net/ifaces/lo/resolv.conf
+  notify: restart network
 
 - include_tasks: master.yml
   when: bind_zone_master_server_ip in ansible_all_ipv4_addresses

roles/bind-role/templates/resolv.conf

@@ -0,0 +1 @@
+nameserver 127.0.0.1

roles/bind-role/templates/rndc.key.j2

@@ -0,0 +1,4 @@
+key "rndc-key" {
+        algorithm hmac-md5;
+        secret "{{bind.rndc_key}}";
+};