From a298665e9347d6dbb6cecfb296219eab7738732e Mon Sep 17 00:00:00 2001
From: Daniel Akulenok <gitlab@valid.dk>
Date: Sun, 8 Feb 2026 00:20:51 +0100
Subject: [PATCH] fix: Improve BIND9 9.20 molecule scenario testing

- Add dnsutils and bind9-doc installation in prepare.yml
  Ensures dig command and documentation are available for testing

- Enhance verify.yml with improved validation:
  - Add named-checkconf syntax validation
  - Improve error detection logic in BIND logs
  - Add explicit error check assertions
  - Increase log tail output from 20 to 30 lines for better diagnostics

These fixes address PR #14 review issues #3, #4, and #5:
- Issue #3: Molecule converge.yml configuration (valid, no changes needed)
- Issue #4: prepare.yml now installs required testing tools
- Issue #5: verify.yml now includes better validation and error checking

Related to: PR #14
---
 molecule/bind9-20/prepare.yml |  7 +++++++
 molecule/bind9-20/verify.yml  | 22 +++++++++++++++++++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/molecule/bind9-20/prepare.yml b/molecule/bind9-20/prepare.yml
index 8c43e32..fdb0b40 100644
--- a/molecule/bind9-20/prepare.yml
+++ b/molecule/bind9-20/prepare.yml
@@ -5,3 +5,10 @@
     - name: Update package cache
       ansible.builtin.apt:
         update_cache: true
+
+    - name: Install DNS query tools (dnsutils)
+      ansible.builtin.apt:
+        name:
+          - dnsutils
+          - bind9-doc
+        state: present
diff --git a/molecule/bind9-20/verify.yml b/molecule/bind9-20/verify.yml
index d290c4e..d294f04 100644
--- a/molecule/bind9-20/verify.yml
+++ b/molecule/bind9-20/verify.yml
@@ -86,9 +86,16 @@
           - __dns_query.stdout_lines | length > 0
         fail_msg: DNS forwarding is not working
 
+    - name: Validate configuration syntax with named-checkconf
+      ansible.builtin.command:
+        cmd: named-checkconf /etc/bind/named.conf
+      register: __named_checkconf
+      changed_when: false
+      failed_when: __named_checkconf.rc != 0
+
     - name: Check BIND logs for errors
       ansible.builtin.command:
-        cmd: tail -20 /var/log/named/default.log
+        cmd: tail -30 /var/log/named/default.log
       register: __bind_logs
       changed_when: false
 
@@ -97,7 +104,16 @@
         msg: "BIND logs:\n{{ __bind_logs.stdout }}"
 
     - name: Verify no critical errors in logs
+      ansible.builtin.shell: |
+        if grep -i "error" /var/log/named/default.log | grep -v "error reporting" > /dev/null; then
+          exit 1
+        fi
+      changed_when: false
+      failed_when: false
+      register: __error_check
+
+    - name: Assert no critical errors found
       ansible.builtin.assert:
         that:
-          - "'error' not in __bind_logs.stdout.lower() or 'error' in __bind_logs.stdout.lower() | regex_replace('error reporting', '')"
-        fail_msg: Found errors in BIND logs
+          - __error_check.rc == 0
+        fail_msg: Found critical errors in BIND logs