Reliability fixes
- Prevent hang on start related to DNSSEC
- Timeout unavailable severs more quickly, which works around transient
failures (previously wouldn't query a "dead" server for 900s)
- Limit TTL on NXDOMAIN responses
- Fixes for galaxy and linting
Change-Id: I95bf71ec2841e4036a6a14501e9ed285d5249732
diff --git a/tasks/Debian.yml b/tasks/Debian.yml
index 88f9c4b..d0d2338 100644
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@@ -24,6 +24,14 @@
group: root
mode: "0644"
+- name: Disable DNSSEC anchor download that can hang on startup
+ copy:
+ src: "default_unbound"
+ dest: "/etc/default/unbound"
+ owner: root
+ group: root
+ mode: "0644"
+
- name: Install unbound packages (Debian)
apt:
name: "unbound"