---

- name: Gather facts on listening ports
  community.general.listen_ports_facts:

- name: Detect systemd-resolve
  ansible.builtin.set_fact:
    _systemd_resolve_enable: "{{ ansible_facts.udp_listen | selectattr('port', 'eq', 53) | selectattr('name', 'eq', 'systemd-resolve') | count > 0 }}"

- name: Deactivate DNS stublistener
  ansible.builtin.lineinfile:
    path: /etc/systemd/resolved.conf
    regex: '^#DNSStubListener=yes'
    line: DNSStubListener=no
  when: _systemd_resolve_enable
  notify:
    - Restart systemd-resolved

- name: Force restart for stub resolver
  ansible.builtin.meta: flush_handlers

- name: Install nsd & utilities
  ansible.builtin.package:
    name:
      - nsd
      - dnsutils
      - ldnsutils
      - cron
    state: present
    update_cache: true