---

- name: Gain TSIG key to apply DNS record changes
  tsig_interpreter:
    path: "{{ global_dns_session_key_path }}"
  register: tsig_key
  delegate_to: "{{ dns_system_domain }}"
  tags:
    - dns_entries

- name: Disable debug mode entries
  nsupdate:
    state: absent
    server: "127.0.0.1" # delegated to correct system
    key_algorithm: "{{ tsig_key.key_algorithm }}"
    key_name: "{{ tsig_key.key_name }}"
    key_secret: "{{ tsig_key.key_secret }}"
    zone: "{{ dns_zone_domain }}"
    record: "{{ item.domain | default('@') | domain_relative_to(debug_domain) }}."
    ttl: "{{ item.ttl | default(ttl_default) }}"
    type: "{{ item.type }}"
    value: "{{ item.data }}"
  loop: "{{ entries | dns_entries_interpreter }}"
  loop_control:
    label: "{{ item.domain | default('@') | domain_relative_to(debug_domain) }} {{ item.type }}"
  delegate_to: "{{ dns_system_domain }}"
  when:
    - delete_debug_dns_entries
  tags:
    - dns_entries

- name: Apply changes in DNS records
  nsupdate:
    server: "127.0.0.1" # delegated to correct system
    key_algorithm: "{{ tsig_key.key_algorithm }}"
    key_name: "{{ tsig_key.key_name }}"
    key_secret: "{{ tsig_key.key_secret }}"
    zone: "{{ dns_zone_domain }}"
    record: "{{ item.domain | default('@') | domain_relative_to(effective_domain) }}."
    ttl: "{{ item.ttl | default(ttl_default) }}"
    type: "{{ item.type }}"
    value: "{{ item.data }}"
  loop: "{{ entries | dns_entries_interpreter }}"
  loop_control:
    label: "{{ item.domain | default('@') | domain_relative_to(effective_domain) }}. {{ item.type }}"
  delegate_to: "{{ dns_system_domain }}"
  register: dns_entries_task
  tags:
    - dns_entries

- name: Wait for entries to become announced
  wait_for:
    timeout: 8
  when: dns_entries_task.changed