debian/NEWS: Add entry for 1.11.0-1 regarding the change of /etc/unbound/unbound.conf to using the "include-toplevel:" directive
Robert Edmonds
3 years ago
| 0 | unbound (1.11.0-1) unstable; urgency=medium | |
| 1 | ||
| 2 | The default Debian config file shipped in the unbound package has changed | |
| 3 | from using the "include:" directive to using the "include-toplevel:" | |
| 4 | directive in order to include the config file fragments in | |
| 5 | /etc/unbound/unbound.conf.d/*.conf into the unbound configuration. | |
| 6 | ||
| 7 | The "include-toplevel:" directive has been newly introduced in unbound | |
| 8 | 1.11.0 and it requires that any included config file fragment begin its own | |
| 9 | clause (e.g., "server:"). | |
| 10 | ||
| 11 | The existing "include:" directive that was used in previous Debian releases | |
| 12 | of the unbound package only performed textual inclusion, and it was possible | |
| 13 | to construct a set of config file fragments that depended on the presence or | |
| 14 | ordering of specific config file fragments in order to parse correctly. For | |
| 15 | instance, a config file fragment could have specified an option that can | |
| 16 | only appear in the "server:" clause, and rely on a previously included | |
| 17 | config file fragment to begin that clause. This behavior is no longer | |
| 18 | allowed by the use of the "include-toplevel:" directive because it is not | |
| 19 | robust against config file fragments being added, removed, or reordered. | |
| 20 | ||
| 21 | If you are upgrading the unbound package and you have installed any config | |
| 22 | file fragments into /etc/unbound/unbound.conf.d/ you should check that each | |
| 23 | config file fragment begins its own clause (e.g., "server:") and update each | |
| 24 | config file fragment as necessary to be compatible with the behavior of the | |
| 25 | "include-toplevel:" directive. | |
| 26 | ||
| 27 | If needed, the previous behavior can be restored by changing the following | |
| 28 | line in /etc/unbound/unbound.conf: | |
| 29 | ||
| 30 | include-toplevel: "/etc/unbound/unbound.conf.d/*.conf" | |
| 31 | ||
| 32 | to its previous setting: | |
| 33 | ||
| 34 | include: "/etc/unbound/unbound.conf.d/*.conf" | |
| 35 | ||
| 36 | -- Robert Edmonds <edmonds@debian.org> Sun, 09 Aug 2020 19:39:01 -0400 | |
| 37 | ||
| 0 | 38 | unbound (1.5.7-2) unstable; urgency=medium |
| 1 | 39 | |
| 2 | 40 | The unbound package no longer ships an /etc/default/unbound conffile. |
| 27 | 65 | shipped with it explicitly enabled. |
| 28 | 66 | |
| 29 | 67 | ROOT_TRUST_ANCHOR_FILE |
| 30 | ||
| 68 | ||
| 31 | 69 | This variable can be explicitly set to override the path used by the |
| 32 | 70 | root trust anchor update mechanism for the root trust anchor. Otherwise, |
| 33 | 71 | it defaults to /var/lib/unbound/root.key if unset. |
| 37 | 75 | This variable now must be explicitly set to "false" to disable the root |
| 38 | 76 | trust anchor update mechanism. Otherwise, it defaults to enabled if |
| 39 | 77 | unset. |
| 40 | ||
| 78 | ||
| 41 | 79 | In previous versions, this variable had to be explicitly set to "true" |
| 42 | 80 | to enable the update mechanism, but the /etc/default/unbound file |
| 43 | 81 | shipped with it explicitly enabled. |
| 61 | 99 | This mechanism still exists, but the variable controlling it has been |
| 62 | 100 | removed. Instead, add or remove the executable bit from the |
| 63 | 101 | /etc/resolvconf/update.d/unbound file to enable or disable the hook. |
| 64 | ||
| 102 | ||
| 65 | 103 | This release also makes the following changes: |
| 66 | 104 | |
| 67 | 105 | The resolvconf update.d hook can be problematic, especially if the |