From 99e9e9cf2ea48351fd3ec0b09b5b09ede9b6958e Mon Sep 17 00:00:00 2001
From: Rene Mewissen <rene@tantooine.myfirewall.org>
Date: Mon, 22 Jul 2024 18:22:59 +0200
Subject: [PATCH] of course recursor needs to listen on localhost

---
 roles/nameserver/templates/powerdns-recursor-custom-config.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nameserver/templates/powerdns-recursor-custom-config.j2 b/roles/nameserver/templates/powerdns-recursor-custom-config.j2
index b4a0b42..0bc5fc6 100644
--- a/roles/nameserver/templates/powerdns-recursor-custom-config.j2
+++ b/roles/nameserver/templates/powerdns-recursor-custom-config.j2
@@ -1,5 +1,5 @@
 allow-from = 192.168.1.0/24, 192.168.3.0/24, 172.16.0.0/24, 127.0.0.0/8
-local-address = {% if wg_local_ip is defined %}{{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %}
+local-address = 127.0.0.1 {% if wg_local_ip is defined %}, {{ wg_local_ip | ansible.utils.ipaddr('address') }}{% else %}{{ ansible_default_ipv4.address }}{% endif %}
 
 local-port = {% if pdns_recursor_lport is defined %}{{ pdns_recursor_lport }}{% else %}53{% endif %}