From f91fd5c9a8140aec01e4db3a4c0e182c8565249e Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 9 Mar 2023 16:33:42 +1100 Subject: [PATCH] bind9 : drop obsolete option for later versions dnssec-enable argument was made obsolete in 9.16 (focal) and removed in 9.18.0 (jammy), so this fails on a Jammy host. Template it in only for earlier distros Change-Id: I14983cc8eb5fd293052affefff31dac0a8dcb8f7 --- playbooks/roles/master-nameserver/templates/named.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/playbooks/roles/master-nameserver/templates/named.conf.j2 b/playbooks/roles/master-nameserver/templates/named.conf.j2 index 66ebea2ac7..85c3af6e2d 100644 --- a/playbooks/roles/master-nameserver/templates/named.conf.j2 +++ b/playbooks/roles/master-nameserver/templates/named.conf.j2 @@ -10,7 +10,9 @@ options { recursion yes; allow-query { any; }; + {% if ansible_distribution_version is version('18.04', '<=') %} dnssec-enable yes; + {% endif %} dnssec-validation yes; empty-zones-enable yes;