molecule/bind9-20/prepare.yml

@@ -5,3 +5,10 @@
     - name: Update package cache
       ansible.builtin.apt:
         update_cache: true
+
+    - name: Install DNS query tools (dnsutils)
+      ansible.builtin.apt:
+        name:
+          - dnsutils
+          - bind9-doc
+        state: present

molecule/bind9-20/verify.yml

@@ -86,9 +86,16 @@
           - __dns_query.stdout_lines | length > 0
         fail_msg: DNS forwarding is not working
 
+    - name: Validate configuration syntax with named-checkconf
+      ansible.builtin.command:
+        cmd: named-checkconf /etc/bind/named.conf
+      register: __named_checkconf
+      changed_when: false
+      failed_when: __named_checkconf.rc != 0
+
     - name: Check BIND logs for errors
       ansible.builtin.command:
-        cmd: tail -20 /var/log/named/default.log
+        cmd: tail -30 /var/log/named/default.log
       register: __bind_logs
       changed_when: false
 
@@ -97,7 +104,16 @@
         msg: "BIND logs:\n{{ __bind_logs.stdout }}"
 
     - name: Verify no critical errors in logs
+      ansible.builtin.shell: |
+        if grep -i "error" /var/log/named/default.log | grep -v "error reporting" > /dev/null; then
+          exit 1
+        fi
+      changed_when: false
+      failed_when: false
+      register: __error_check
+
+    - name: Assert no critical errors found
       ansible.builtin.assert:
         that:
-          - "'error' not in __bind_logs.stdout.lower() or 'error' in __bind_logs.stdout.lower() | regex_replace('error reporting', '')"
+          - __error_check.rc == 0
-        fail_msg: Found errors in BIND logs
+        fail_msg: Found critical errors in BIND logs