ansible: disable dnssec validation
author Kristof Provost <kp@FreeBSD.org>
Sun, 2 Mar 2025 19:10:58 +0000 (20:10 +0100)
committer Kristof Provost <kp@FreeBSD.org>
Sun, 2 Mar 2025 19:10:58 +0000 (20:10 +0100)
On at least one internet connection (Proximus DSL) we've seen failures to
resolve kosmos.sigsegv.be. Disabling DNSSec makes it work again (despite dnssec
being correct on the domain).

ansible/roles/domotica/tasks/main.yaml
ansible/roles/domotica/templates/disable_dnssec_validation.conf [new file with mode: 0644]

index 130a21d..fa9b923 100644 (file)
     mode: 0644
   become: true
   notify: "restart pf"
+- name: disable unbound dnssec validation
+  template:
+    src: disable_dnssec_validation.conf
+    dest: "/etc/unbound/conf.d/disable_dnssec_validation.conf"
+    owner: root
+    group: wheel
+    mode: 0644
+  become: true
 - name: unbound enable
   community.general.sysrc:
     name: local_unbound_enable
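Review bot: The new "disable unbound dnssec validation" task has no `notify:`, so nothing in this hunk makes unbound re-read its configuration after the file is dropped into `/etc/unbound/conf.d/`. The task just above notifies "restart pf" for its file, and this one should notify an equivalent handler that restarts or reloads unbound. Otherwise the change only takes effect at the next service restart or reboot. Two smaller points: the source has no variables, so a plain copy would do instead of `template:`, and the task name could state that validation results stop being enforced on this host, since that is a security-relevant change someone reading the play output should notice.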
diff --git a/ansible/roles/domotica/templates/disable_dnssec_validation.conf b/ansible/roles/domotica/templates/disable_dnssec_validation.conf
new file mode 100644 (file)
index 0000000..9ca4352
--- /dev/null
@@ -0,0 +1,2 @@
+server:
+       val-permissive-mode: yes
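Review bot: `val-permissive-mode: yes` applies to every zone the resolver looks up, while the commit message reports a failure for one name on one connection. With this option unbound still runs validation, but answers that fail it are returned to clients instead of being withheld with SERVFAIL, so every client of this resolver loses DNSSEC protection. If the intent is only to work around the one zone, a narrower setting such as `domain-insecure: "sigsegv.be"` would leave validation enforced everywhere else. The file name says "disable" although validation is still performed, and the file carries no comment. A line above `server:` giving the reason (the Proximus DSL resolution failure) and the condition for removing the workaround would stop it from becoming permanent by accident.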