ansible-bind9-role/molecule/default/verify.yml

---
- name: Verify
  hosts: all
  gather_facts: true
  tasks:
    - name: Check that BIND9 is installed
      ansible.builtin.package:
        name: bind9
        state: present
      check_mode: true
      register: __bind9_package_check
      failed_when: __bind9_package_check is changed

    - name: Check that BIND9 service is running
      ansible.builtin.service:
        name: named
        state: started
        enabled: true
      check_mode: true
      register: __bind9_service_check
      failed_when: __bind9_service_check is changed

    - name: Check that named.conf.options exists
      ansible.builtin.stat:
        path: /etc/bind/named.conf.options
      register: __options_file
      failed_when: not __options_file.stat.exists

    - name: Check that named.conf.local exists
      ansible.builtin.stat:
        path: /etc/bind/named.conf.local
      register: __local_file
      failed_when: not __local_file.stat.exists

    - name: Read named.conf.options content
      ansible.builtin.slurp:
        path: /etc/bind/named.conf.options
      register: __options_content

    - name: Verify forwarders are configured in options
      ansible.builtin.assert:
        that:
          - "'forwarders' in __options_decoded"
          - "'91.239.100.100' in __options_decoded"
          - "'89.233.43.71' in __options_decoded"
          - "'forward first' in __options_decoded"
        fail_msg: Forwarders not properly configured in named.conf.options
      vars:
        __options_decoded: "{{ __options_content.content | b64decode }}"

    - name: Read named.conf.local content
      ansible.builtin.slurp:
        path: /etc/bind/named.conf.local
      register: __local_content

    - name: Verify forward zone is configured
      ansible.builtin.assert:
        that:
          - "'zone \"example.internal\"' in __local_decoded"
          - "'type forward' in __local_decoded"
          - "'forward only' in __local_decoded"
        fail_msg: Forward zone not properly configured in named.conf.local
      vars:
        __local_decoded: "{{ __local_content.content | b64decode }}"

    - name: Test DNS resolution using localhost
      ansible.builtin.command:
        cmd: dig @localhost google.com +short
      register: __dns_query
      changed_when: false
      failed_when: __dns_query.rc != 0

    - name: Verify DNS query returned results
      ansible.builtin.assert:
        that:
          - __dns_query.stdout_lines | length > 0
        fail_msg: DNS forwarding is not working