From f72063e7c2f9b4b5894105f1fc8330c05a819977 Mon Sep 17 00:00:00 2001
From: Terry
Date: Mon, 29 Mar 2021 17:30:45 +1030
Subject: [PATCH] Remove DNSSEC config management in bootstrap-debian.yml (#7408)

DNSSEC is off by default on ubuntu/bionic64 (18.04) as per resolved.conf(5). These tasks are artefacts of obsolete infra configuration, and no longer needed. Further removing these tasks resolves the issue that the tasks always reports 'changed' and bounces systemd-resolved unneccesarily, even if there was no actual modification of /etc/systemd/resolved.conf.
---
 roles/bootstrap-os/tasks/bootstrap-debian.yml | 24 -------------------
 1 file changed, 24 deletions(-)

diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index 82145ba01..b4b7a2647 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -43,30 +43,6 @@
 - need_https_proxy.rc != 0
 - not skip_http_proxy_on_os_packages
 
-- name: Check Network Name Resolution configuration
- raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
- register: need_dnssec_allow_downgrade
- failed_when: false
- changed_when: false
- # This command should always run, even in check mode
- check_mode: false
- when:
- - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
-
-- name: Change Network Name Resolution configuration
- raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
- become: true
- when:
- - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
- - need_dnssec_allow_downgrade.rc
-
-- name: Restart systemd-resolved service
- raw: systemctl restart systemd-resolved
- become: true
- when:
- - '''UBUNTU_CODENAME=bionic'' in os_release.stdout_lines'
- - need_dnssec_allow_downgrade.rc
-
 - name: Install python3
 raw: apt-get update && \