Switch to using only sqlite.

ansible/roles/public_dns/tasks/freebsd.yaml

@@ -1,4 +1,3 @@
-# NOTE: I had to disable bind and manually create the fizz.buzz zone with the sqlite backend or else the metadata updates would have no effect.
 - name: Install packages
   package:
     name:
@@ -24,7 +23,6 @@
     group: pdns
   loop:
     - /var/lib/powerdns
-    - /var/lib/powerdns/zones/
 
 - name: Copy files
   copy:
@@ -41,19 +39,22 @@
 
 - name: Initialize DB
   command: "sudo -u pdns sqlite3 -init /usr/local/share/doc/powerdns/schema.sqlite3.sql /var/lib/powerdns/pdns.sqlite3"
+  register: initdb
   args:
     creates: "/var/lib/powerdns/pdns.sqlite3"
 
-- name: Copy files
-  copy:
-    src: "files/{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: 0644
-    owner: pdns
-    group: pdns
-  loop:
-    - src: master.db
-      dest: /var/lib/powerdns/zones/
+- name: Initialize DB
+  when: initdb.changed
+  register: initsql
+  command: "sudo -u pdns zone2sql zone2sql --gsqlite=yes --named-conf=/usr/local/etc/pdns/bind.conf --transactions=yes"
+  args:
+    stdin: "{{ lookup('file', 'master.db') }}"
+
+- name: Initialize DB
+  when: initdb.changed
+  command: "sudo -u pdns sqlite3 /var/lib/powerdns/pdns.sqlite3"
+  args:
+    stdin: "{{ initsql.stdout }}"
 
 - name: Check TSIG keys
   command: pdnsutil list-tsig-keys
@@ -89,3 +90,16 @@
   command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-DNSUPDATE externaldns
   when: '"externaldns" not in tsigallowupdate.stdout'
 
+- name: Check ALLOW-DNSUPDATE-FROM
+  command: pdnsutil get-meta fizz.buzz ALLOW-DNSUPDATE-FROM
+  register: allowdnsupdatefrom
+  changed_when: false
+  check_mode: no
+
+- name: Allow IP addresses
+  command: pdnsutil add-meta fizz.buzz ALLOW-DNSUPDATE-FROM 10.215.1.0/24
+  when: '"10.215.1.0/24" not in allowdnsupdatefrom.stdout'
+
+- name: Allow AXFR from the externaldns tsig key
+  command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-AXFR externaldns
+  when: '"externaldns" not in tsigaxfr.stdout'