diff --git a/.kitchen.yml b/.kitchen.yml
index 92ea206..a744609 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -16,13 +16,13 @@ provisioner:
   ansible_vault_password_file: ./test/integration/vault
 
 platforms:
-  - name: debian-9
+  - name: debian-10
     driver_config:
-      image: "nishiki/debian9:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.7' %>"
+      image: "nishiki/debian10:ansible-<%= ENV['ANSIBLE_VERSION'] ? ENV['ANSIBLE_VERSION'] : '2.9' %>"
       command: /bin/systemd
       volume:
         - /sys/fs/cgroup:/sys/fs/cgroup:ro
-      security_opt: seccomp=unconfined
+      privileged: cap-add=SYS_ADMIN
 
 suites:
   - name: bind
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04e3458..d7a9c10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,8 +4,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 Which is based on [Keep A Changelog](http://keepachangelog.com/)
 
 ## [Unreleased]
+- feat: add support debian 10
 - break: change with_items to loop
-- break: remove support ansible < 2.6
+- break: remove support ansible < 2.7
 - test: add test with ansible 2.7
 - test: add ansible-lint
 
diff --git a/Gemfile.lock b/Gemfile.lock
index c7c18e5..1dd4e2c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,44 +1,56 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.3.0)
-    builder (3.2.3)
-    erubis (2.7.0)
-    ffi (1.9.18)
-    gssapi (1.2.0)
+    ast (2.4.0)
+    bcrypt_pbkdf (1.0.1)
+    builder (3.2.4)
+    ed25519 (1.2.4)
+    equatable (0.6.1)
+    erubi (1.9.0)
+    ffi (1.12.2)
+    gssapi (1.3.0)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
       builder (>= 2.1.2)
     httpclient (2.8.3)
-    kitchen-ansible (0.47.5)
+    kitchen-ansible (0.50.1)
       net-ssh (>= 3)
-      test-kitchen (~> 1.4)
-    kitchen-docker_cli (0.18.0)
+      test-kitchen (>= 1.4)
+    kitchen-docker_cli (0.19.0)
       test-kitchen (>= 1.3)
+    license-acceptance (1.0.13)
+      pastel (~> 0.7)
+      tomlrb (~> 1.2)
+      tty-box (~> 0.3)
+      tty-prompt (~> 0.18)
     little-plugger (1.1.4)
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
-    mixlib-install (3.6.0)
+    mixlib-install (3.11.26)
       mixlib-shellout
       mixlib-versioning
       thor
-    mixlib-shellout (2.3.2)
-    mixlib-versioning (1.2.2)
-    multi_json (1.12.2)
-    net-scp (1.2.1)
-      net-ssh (>= 2.6.5)
-    net-ssh (4.2.0)
-    net-ssh-gateway (1.3.0)
-      net-ssh (>= 2.6.5)
+    mixlib-shellout (3.0.9)
+    mixlib-versioning (1.2.12)
+    multi_json (1.14.1)
+    necromancer (0.5.1)
+    net-scp (2.0.0)
+      net-ssh (>= 2.6.5, < 6.0.0)
+    net-ssh (5.2.0)
+    net-ssh-gateway (2.0.0)
+      net-ssh (>= 4.0.0)
     nori (2.6.0)
-    parallel (1.12.0)
-    parser (2.4.0.0)
-      ast (~> 2.2)
-    powerpack (0.1.1)
+    parallel (1.19.1)
+    parser (2.7.0.2)
+      ast (~> 2.4.0)
+    pastel (0.7.3)
+      equatable (~> 0.6)
+      tty-color (~> 0.5)
+    powerpack (0.1.2)
     rainbow (2.2.2)
       rake
-    rake (12.1.0)
+    rake (13.0.1)
     rubocop (0.50.0)
       parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
@@ -46,40 +58,65 @@ GEM
       rainbow (>= 2.2.2, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.9.0)
+    ruby-progressbar (1.10.1)
     rubyntlm (0.6.2)
-    rubyzip (1.2.1)
-    safe_yaml (1.0.4)
-    test-kitchen (1.18.0)
+    rubyzip (2.2.0)
+    strings (0.1.8)
+      strings-ansi (~> 0.1)
+      unicode-display_width (~> 1.5)
+      unicode_utils (~> 1.4)
+    strings-ansi (0.2.0)
+    test-kitchen (2.3.4)
+      bcrypt_pbkdf (~> 1.0)
+      ed25519 (~> 1.2)
+      license-acceptance (~> 1.0, >= 1.0.11)
       mixlib-install (~> 3.6)
-      mixlib-shellout (>= 1.2, < 3.0)
-      net-scp (~> 1.1)
-      net-ssh (>= 2.9, < 5.0)
-      net-ssh-gateway (~> 1.2)
-      safe_yaml (~> 1.0)
-      thor (~> 0.19, < 0.19.2)
+      mixlib-shellout (>= 1.2, < 4.0)
+      net-scp (>= 1.1, < 3.0)
+      net-ssh (>= 2.9, < 6.0)
+      net-ssh-gateway (>= 1.2, < 3.0)
+      thor (~> 0.19)
       winrm (~> 2.0)
       winrm-elevated (~> 1.0)
-      winrm-fs (~> 1.0.2)
-    thor (0.19.1)
-    unicode-display_width (1.3.0)
-    winrm (2.2.3)
+      winrm-fs (~> 1.1)
+    thor (0.20.3)
+    tomlrb (1.2.9)
+    tty-box (0.5.0)
+      pastel (~> 0.7.2)
+      strings (~> 0.1.6)
+      tty-cursor (~> 0.7)
+    tty-color (0.5.1)
+    tty-cursor (0.7.1)
+    tty-prompt (0.20.0)
+      necromancer (~> 0.5.0)
+      pastel (~> 0.7.0)
+      tty-reader (~> 0.7.0)
+    tty-reader (0.7.0)
+      tty-cursor (~> 0.7)
+      tty-screen (~> 0.7)
+      wisper (~> 2.0.0)
+    tty-screen (0.7.1)
+    unicode-display_width (1.6.1)
+    unicode_utils (1.4.0)
+    winrm (2.3.4)
       builder (>= 2.1.2)
-      erubis (~> 2.7)
+      erubi (~> 1.8)
       gssapi (~> 1.2)
       gyoku (~> 1.0)
       httpclient (~> 2.2, >= 2.2.0.2)
       logging (>= 1.6.1, < 3.0)
       nori (~> 2.0)
       rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-elevated (1.1.0)
+    winrm-elevated (1.2.1)
+      erubi (~> 1.8)
       winrm (~> 2.0)
       winrm-fs (~> 1.0)
-    winrm-fs (1.0.2)
-      erubis (~> 2.7)
+    winrm-fs (1.3.4)
+      erubi (~> 1.8)
       logging (>= 1.6.1, < 3.0)
-      rubyzip (~> 1.1)
+      rubyzip (~> 2.0)
       winrm (~> 2.0)
+    wisper (2.0.1)
 
 PLATFORMS
   ruby
@@ -91,4 +128,4 @@ DEPENDENCIES
   test-kitchen
 
 BUNDLED WITH
-   1.14.6
+   1.17.3
diff --git a/README.md b/README.md
index 1390d91..fd275b4 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,9 @@ Install and configure bind with dnssec
 
 ## Requirements
 
-* Ansible >= 2.6
+* Ansible >= 2.7
 * bind version >= 9.8
-* Debian Stretch
+* Debian Stretch and Buster
 
 ## Role variables
 
diff --git a/meta/main.yml b/meta/main.yml
index 176b32f..8eb2d79 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -4,12 +4,13 @@ galaxy_info:
   company: Adrien Waksberg
   description: Install and configure bind9 with dnssec
   license: Apache2
-  min_ansible_version: 2.6
+  min_ansible_version: 2.7
 
   platforms:
     - name: Debian
       versions:
         - stretch
+        - buster
 
   galaxy_tags:
     - bind
diff --git a/templates/db.j2 b/templates/db.j2
index 6d36ce5..0cff540 100644
--- a/templates/db.j2
+++ b/templates/db.j2
@@ -28,7 +28,7 @@ $TTL    {{ item.value.ttl|default(3600) }}
 {% endfor %}
 {% if item.key in bind_dnssec %}
 
-{% for key_type, key_values in bind_dnssec[item.key].iteritems() %}
+{% for key_type, key_values in bind_dnssec[item.key].items() %}
 $INCLUDE K{{ item.key }}.+{{ "00{}".format(key_values.algorithm)[-3:] }}+{{ key_values.tag }}.key
 {% endfor %}
 {% endif %}
diff --git a/templates/named.conf.local.j2 b/templates/named.conf.local.j2
index 232bc80..5c30d89 100644
--- a/templates/named.conf.local.j2
+++ b/templates/named.conf.local.j2
@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
-{% for zone, value in bind_zones.iteritems() %}
+{% for zone, value in bind_zones.items() %}
 {% if 'state' not in value or value.state|lower not in ['disabled', 'absent'] %}
 
 zone "{{ zone }}" IN {
@@ -19,7 +19,7 @@ zone "{{ zone }}" IN {
 {% endif %}
   };
 {% if 'options' in value %}
-{% for option,  opt_value in value.options.iteritems() %}
+{% for option,  opt_value in value.options.items() %}
   {{ option }} {% if opt_value == True %}yes{% elif opt_value == False %}no{% else %}{{ opt_value }}{% endif %};
 {% endfor %}
 {% endif %}
diff --git a/templates/named.conf.options.j2 b/templates/named.conf.options.j2
index 013701f..5ea84d7 100644
--- a/templates/named.conf.options.j2
+++ b/templates/named.conf.options.j2
@@ -11,7 +11,7 @@ options {
   listen-on { {% if bind_listen_ipv4 %}any{% else %}none{% endif %}; };
   listen-on-v6 { {% if bind_listen_ipv6 %}any{% else %}none{% endif %}; };
 
-{% for option,  value in bind_options.iteritems() %}
+{% for option,  value in bind_options.items() %}
   {{ option }} {% if value == True %}yes{% elif value == False %}no{% else %}{{ value }}{% endif %};
 {% endfor %}