Kurt Roeckx wrote:
> Hi,
>
> After upgrade to 1.9.6-1, unbound did no longer start. It did not
> log anything about this in any log file.
>
> I have a config that says:
> do-not-query-localhost: no
>
> It now returns a syntax error for that.

Hi, Kurt:

Thanks for your bug report. In unbound 1.9.6-1 / 1.9.6-2, the config
file fragment /etc/unbound/unbound.conf.d/qname-minimisation.conf was
removed, because its contents were made redundant due to upstream
changing the default value for the qname-minimisation setting. Its
contents previously were:

    server:
        # Send minimum amount of information to upstream servers to enhance
        # privacy. Only sends minimum required labels of the QNAME and sets
        # QTYPE to NS when possible.

        # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
        # details.

        qname-minimisation: yes

Because of the textual inclusion behavior of the "include:" directive
used in /etc/unbound/unbound.conf, it looks like your
"do-not-query-localhost: no" setting was relying on this fragment to
begin the "server:" clause. You should update your config file fragment
(if you haven't already) to:

    server:
        do-not-query-localhost: no

The textual inclusion behavior of "include:" makes it fragile against
these kinds of changes, so I discussed the issue with upstream
(https://github.com/NLnetLabs/unbound/issues/161) and they ended up
implementing a new "include-toplevel:" directive that requires each
config file fragment to begin a clause. Going forward, this should make
it more robust for the Debian unbound package to add or remove config
file fragments in /etc/unbound/unbound.conf.d/ without affecting users'
configurations if they've installed their own config file fragments, but
it does require users to update their config file fragments to declare a
clause if they don't already.

The unbound 1.11.0-1 package will switch /etc/unbound/unbound.conf to
using the "include-toplevel:" directive and the following announcement
will appear in the /usr/share/doc/unbound/NEWS.Debian.gz file:

    unbound (1.11.0-1) unstable; urgency=high

      The default Debian config file shipped in the unbound package has
      changed from using the "include:" directive to using the
      "include-toplevel:" directive in order to include the config file
      fragments in /etc/unbound/unbound.conf.d/*.conf into the unbound
      configuration. The "include-toplevel:" directive has been newly
      introduced in unbound 1.11.0 and it requires that any included
      config file fragment begin its own clause (e.g., "server:").

      The existing "include:" directive that was used in previous Debian
      releases of the unbound package only performed textual inclusion,
      and it was possible to construct a set of config file fragments
      that depended on the presence or ordering of specific config file
      fragments in order to parse correctly. For instance, a config file
      fragment could have specified an option that can only appear in the
      "server:" clause, and rely on a previously included config file
      fragment to begin that clause. This behavior is no longer allowed
      by the use of the "include-toplevel:" directive because it is not
      robust against config file fragments being added, removed, or
      reordered.

      If you are upgrading the unbound package and you have installed any
      config file fragments into /etc/unbound/unbound.conf.d/ you should
      check that each config file fragment begins its own clause (e.g.,
      "server:") and update each config file fragment as necessary to be
      compatible with the behavior of the "include-toplevel:" directive.

      If needed, the previous behavior can be restored by changing the
      following line in /etc/unbound/unbound.conf:

        include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

      to its previous setting:

        include: "/etc/unbound/unbound.conf.d/*.conf"

     -- Robert Edmonds <edmo...@debian.org>  Sun, 09 Aug 2020 19:39:01 -0400

-- 
Robert Edmonds
edmo...@debian.org
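
Added example, not part of the original message and not code from the unbound or Debian projects: a shell check for the upgrade step the NEWS entry describes, reporting every fragment in a directory that does not begin its own clause. The keyword list in CLAUSES and all function names are assumptions; adjust the list to the clauses your unbound version supports.

```shell
#!/bin/sh
# Added example: find unbound config fragments that do not begin their own clause.
# ASSUMPTION: CLAUSES lists the clause keywords of your unbound version
# (see unbound.conf(5)); extend it if you use others.
CLAUSES="server remote-control stub-zone forward-zone auth-zone view python dynlib cachedb dnscrypt dnstap rpz"

# Print the first token of the first line that is neither blank nor a comment.
first_token() {
    awk '{ sub(/#.*/, "") } NF { print $1; exit }' "$1"
}

# Succeed if the fragment's first token opens a clause (e.g. "server:").
begins_clause() {
    tok=$(first_token "$1")
    for c in $CLAUSES; do
        if [ "$tok" = "$c:" ]; then return 0; fi
    done
    return 1
}

# Print every *.conf in directory $1 that lacks a leading clause;
# fail if any was found.
check_dir() {
    bad=0
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        if ! begins_clause "$f"; then
            echo "$f: first token '$(first_token "$f")' does not begin a clause"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample fragments (not taken from a real system).
demo() {
    d=$(mktemp -d)
    printf 'server:\n    do-not-query-localhost: no\n' > "$d/10-good.conf"
    printf '# relied on an earlier fragment\ndo-not-query-localhost: no\n' > "$d/20-bad.conf"
    out=$(check_dir "$d") || true
    rm -rf "$d"
    echo "$out"
}

demo
```

On a real system, call check_dir on /etc/unbound/unbound.conf.d before switching to "include-toplevel:", then validate the complete configuration with unbound-checkconf.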