Bug#950754: unbound: fails to parse old config file with do-not-query-localhost

2020-08-09 Thread Robert Edmonds
Kurt Roeckx wrote:
> Hi,
> 
> After upgrade to 1.9.6-1, unbound did no longer start. It did not
> log anything about this in any log file.
> 
> I have a config that says:
> do-not-query-localhost: no
> 
> It now returns a syntax error for that.

Hi, Kurt:

Thanks for your bug report. In unbound 1.9.6-1 / 1.9.6-2, the config
file fragment /etc/unbound/unbound.conf.d/qname-minimisation.conf was
removed, because its contents were made redundant due to upstream
changing the default value for the qname-minimisation setting. Its
contents previously were:

server:
    # Send minimum amount of information to upstream servers to enhance
    # privacy. Only sends minimum required labels of the QNAME and sets
    # QTYPE to NS when possible.

    # See RFC 7816 "DNS Query Name Minimisation to Improve Privacy" for
    # details.

    qname-minimisation: yes

Because of the textual inclusion behavior of the "include:" directive
used in /etc/unbound/unbound.conf, it looks like your
"do-not-query-localhost: no" setting was relying on this fragment to
begin the "server:" clause. You should update your config file fragment
(if you haven't already) to:

server:
    do-not-query-localhost: no

The textual inclusion behavior of "include:" makes it fragile against
these kinds of changes, so I discussed the issue with upstream
(https://github.com/NLnetLabs/unbound/issues/161) and they ended up
implementing a new "include-toplevel:" directive that requires each
config file fragment to begin a clause. Going forward, this should make
it more robust for the Debian unbound package to add or remove config
file fragments in /etc/unbound/unbound.conf.d/ without affecting users'
configurations if they've installed their own config file fragments, but
it does require users to update their config file fragments to declare a
clause if they don't already.

The unbound 1.11.0-1 package will switch /etc/unbound/unbound.conf to
using the "include-toplevel:" directive and the following announcement
will appear in the /usr/share/doc/unbound/NEWS.Debian.gz file:

unbound (1.11.0-1) unstable; urgency=high

  The default Debian config file shipped in the unbound package has changed
  from using the "include:" directive to using the "include-toplevel:"
  directive in order to include the config file fragments in
  /etc/unbound/unbound.conf.d/*.conf into the unbound configuration.

  The "include-toplevel:" directive has been newly introduced in unbound
  1.11.0 and it requires that any included config file fragment begin its own
  clause (e.g., "server:").

  The existing "include:" directive that was used in previous Debian releases
  of the unbound package only performed textual inclusion, and it was possible
  to construct a set of config file fragments that depended on the presence or
  ordering of specific config file fragments in order to parse correctly. For
  instance, a config file fragment could have specified an option that can
  only appear in the "server:" clause, and rely on a previously included
  config file fragment to begin that clause. This behavior is no longer
  allowed by the use of the "include-toplevel:" directive because it is not
  robust against config file fragments being added, removed, or reordered.

  If you are upgrading the unbound package and you have installed any config
  file fragments into /etc/unbound/unbound.conf.d/ you should check that each
  config file fragment begins its own clause (e.g., "server:") and update each
  config file fragment as necessary to be compatible with the behavior of the
  "include-toplevel:" directive.

  If needed, the previous behavior can be restored by changing the following
  line in /etc/unbound/unbound.conf:

  include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

  to its previous setting:

  include: "/etc/unbound/unbound.conf.d/*.conf"

 -- Robert Edmonds   Sun, 09 Aug 2020 19:39:01 -0400

-- 
Robert Edmonds
edmo...@debian.org
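The pre-upgrade check the NEWS entry asks for (every fragment in /etc/unbound/unbound.conf.d/ must open its own clause) can be scripted. What follows is an added example written for this page, not code from the bug thread, from Robert Edmonds or from the Debian unbound package. The list of clause names it accepts is an assumption taken from unbound.conf(5), and the three sample fragments it writes to a temporary directory are constructed for illustration; the failing one reproduces the "do-not-query-localhost: no" fragment from the report.

```shell
#!/bin/sh
# Added example (not from the bug thread or the Debian package): flag config
# fragments that do not begin a top-level clause, which "include-toplevel:"
# requires and plain "include:" silently tolerated as long as an earlier
# fragment happened to open "server:".

# Print the first line of a fragment after dropping comments and blank lines.
first_meaningful_line() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$' | head -n 1
}

# Return 0 if the fragment opens with a clause header such as "server:".
# Clause names are an assumption based on unbound.conf(5); extend as needed.
fragment_starts_clause() {
    first=$(first_meaningful_line "$1")
    case "$first" in
        server:|remote-control:|forward-zone:|stub-zone:|auth-zone:|view:) return 0 ;;
        python:|dynlib:|dnstap:|dnscrypt:|cachedb:|ipset:|rpz:) return 0 ;;
        *) return 1 ;;
    esac
}

# Check every *.conf in a directory. Offenders go to stderr; the return value
# is their count, so 0 means all fragments are safe under include-toplevel.
check_fragments_dir() {
    bad=0
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        if ! fragment_starts_clause "$f"; then
            echo "$f: first directive '$(first_meaningful_line "$f")' is not a clause header" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample fragments for the demonstration (not real files from the
# report). Prints the directory path so callers can inspect or remove it.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/10-local.conf" <<'EOF'
server:
    # Good: opens its own clause, as the reply suggests.
    do-not-query-localhost: no
EOF
    cat > "$d/20-old-style.conf" <<'EOF'
# Bad: relied on an earlier fragment having opened "server:".
do-not-query-localhost: no
EOF
    cat > "$d/30-forward.conf" <<'EOF'
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
check_fragments_dir "$sample" || echo "$? fragment(s) must be updated to begin a clause"
rm -rf "$sample"
```

To use it on a real host, call check_fragments_dir /etc/unbound/unbound.conf.d before upgrading, then run unbound-checkconf, which parses the whole assembled configuration and prints the syntax error that, per the report, did not show up in any log when the daemon simply failed to start. The script only inspects each fragment's first directive; it is a cheap pre-check, not a substitute for unbound-checkconf.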



Bug#950754: unbound: fails to parse old config file with do-not-query-localhost

2020-02-05 Thread Kurt Roeckx
Package: unbound
Version: 1.9.6-1
Severity: serious

Hi,

After upgrade to 1.9.6-1, unbound did no longer start. It did not
log anything about this in any log file.

I have a config that says:
do-not-query-localhost: no

It now returns a syntax error for that.


Kurt