- name: install cache only nameserver
  hosts: caching_dns
  remote_user: devops
  become: yes

  vars:
    interface: 0.0.0.0
    interface_automatic: "yes"
    access_control: 
      - "172.25.250.0/24 allow"
    domain_insecure: example.com
    forward_zone_name: .
    forward_zone_addr: "172.25.250.254"

  tasks:
    - name: install cache only nameserver
      yum:
        name: unbound
        state: present

    - name: create conf file in server
      template:
        src: unbound.conf.j2
        dest: /etc/unbound/conf.d/unbound.conf

    - name: allow dns on firewall
      firewalld:
        service: dns
        state: enabled
        permanent: yes
        immediate: yes

    - name: ensure unbound is running and enabled
      service: 
        name: unbound
        state: started
        enabled: yes

  handlers:
    - name: restart_unbound
      service:
        name: unbound
        state: restarted