Enable DNSSEC

2019-05-09 18:18:27 +01:00 · 2019-05-09 18:18:27 +01:00 · 993abc81bb
parent fb236fed86
commit 993abc81bb
1 changed files with 20 additions and 1 deletions
--- a/.ansible/roles/linux_desktop/tasks/config.yaml
+++ b/.ansible/roles/linux_desktop/tasks/config.yaml
@ -1,3 +1,22 @@
+- name: 'DNS: Enable DNSSEC'
+  tags:
+    - config
+    - dns
+  block:
+    - name: 'DNS: Enable DNSSEC configuration'
+      lineinfile:
+        path: '/etc/systemd/resolved.conf'
+        state: present
+        regexp: 'DNSSEC='
+        line: 'DNSSEC=yes'
+      become: true
+
+    - name: 'DNS: Restart resolver'
+      systemd:
+        name: systemd-resolved
+        state: restarted
+      become: true
+
 - name: 'IPv6: Privacy'
  tags:
    - config
@ -5,7 +24,7 @@
  block:
    - name: 'IPv6: Privacy: Temporary addressing defaults'
      lineinfile:
-        path: "/etc/ufw/sysctl.conf"
+        path: '/etc/ufw/sysctl.conf'
        state: present
        regexp: "net/ipv6/conf/{{ item }}/use_tempaddr"
        line: "net/ipv6/conf/{{ item }}/use_tempaddr=2"