feat: Add BIND 9.20 forwarders configuration support

- Update forwarders template with enhanced functionality - Add molecule test cases for forwarders validation - Update options and zone templates for compatibility
2026-01-23 12:24:06 +01:00
parent 29a30e9edd
commit 32a3de5bab
6 changed files with 91 additions and 11 deletions
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -1,6 +1,30 @@
 ---
 - name: Converge
  hosts: all
+  vars:
+    bind9_group_config:
+      - name: named.conf.options
+        options:
+          directory: "{{ bind9_working_directory }}"
+          forwarders:
+            port: 853
+            tls: common-upstream
+            addresses:
+              - address: 192.0.2.10
+                port: 5353
+                tls: leaf-a
+              - address:
+                  - 2001:db8::10
+                  - 198.51.100.10
+                tls: dual-stack
+              - 203.0.113.10
+        tls:
+          - name: common-upstream
+            remote_hostname: upstream.example
+          - name: leaf-a
+            remote_hostname: leaf-a.example
+          - name: dual-stack
+            remote_hostname: dual-stack.example
  tasks:
    - name: Include bind9 role
      ansible.builtin.include_role:
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -2,13 +2,6 @@
 driver:
  name: podman
 platforms:
-  - name: debian-bookworm
-    image: docker.io/jrei/systemd-debian:12
-    command: /lib/systemd/systemd
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-    cgroupns_mode: host
  - name: debian-trixie
    image: docker.io/jrei/systemd-debian:13
    command: /lib/systemd/systemd
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,21 @@
+---
+- name: Verify forwarders configuration
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Read named.conf.options
+      ansible.builtin.slurp:
+        src: /etc/bind/named.conf.options
+      register: forwarders_file
+
+    - name: Assert forwarders render with port and tls
+      ansible.builtin.assert:
+        that:
+          - forwarders_content is search('forwarders port 853 tls common-upstream \{')
+          - forwarders_content is search('192.0.2.10 port 5353 tls leaf-a;')
+          - forwarders_content is search('2001:db8::10 tls dual-stack;')
+          - forwarders_content is search('198.51.100.10 tls dual-stack;')
+          - forwarders_content is search('203.0.113.10;')
+        fail_msg: "Forwarders block missing expected port/tls entries"
+      vars:
+        forwarders_content: "{{ forwarders_file.content | b64decode }}"