debian/NEWS: Add entry for 1.11.0-1 regarding the change of /etc/unbound/unbound.conf to using the "include-toplevel:" directive
Robert Edmonds
3 years ago
0 | unbound (1.11.0-1) unstable; urgency=medium | |
1 | ||
2 | The default Debian config file shipped in the unbound package has changed | |
3 | from using the "include:" directive to using the "include-toplevel:" | |
4 | directive in order to include the config file fragments in | |
5 | /etc/unbound/unbound.conf.d/*.conf into the unbound configuration. | |
6 | ||
7 | The "include-toplevel:" directive has been newly introduced in unbound | |
8 | 1.11.0 and it requires that any included config file fragment begin its own | |
9 | clause (e.g., "server:"). | |
10 | ||
11 | The existing "include:" directive that was used in previous Debian releases | |
12 | of the unbound package only performed textual inclusion, and it was possible | |
13 | to construct a set of config file fragments that depended on the presence or | |
14 | ordering of specific config file fragments in order to parse correctly. For | |
15 | instance, a config file fragment could have specified an option that can | |
16 | only appear in the "server:" clause, and rely on a previously included | |
17 | config file fragment to begin that clause. This behavior is no longer | |
18 | allowed by the use of the "include-toplevel:" directive because it is not | |
19 | robust against config file fragments being added, removed, or reordered. | |
20 | ||
21 | If you are upgrading the unbound package and you have installed any config | |
22 | file fragments into /etc/unbound/unbound.conf.d/ you should check that each | |
23 | config file fragment begins its own clause (e.g., "server:") and update each | |
24 | config file fragment as necessary to be compatible with the behavior of the | |
25 | "include-toplevel:" directive. | |
26 | ||
27 | If needed, the previous behavior can be restored by changing the following | |
28 | line in /etc/unbound/unbound.conf: | |
29 | ||
30 | include-toplevel: "/etc/unbound/unbound.conf.d/*.conf" | |
31 | ||
32 | to its previous setting: | |
33 | ||
34 | include: "/etc/unbound/unbound.conf.d/*.conf" | |
35 | ||
36 | -- Robert Edmonds <edmonds@debian.org> Sun, 09 Aug 2020 19:39:01 -0400 | |
37 | ||
0 | 38 | unbound (1.5.7-2) unstable; urgency=medium |
1 | 39 | |
2 | 40 | The unbound package no longer ships an /etc/default/unbound conffile. |
27 | 65 | shipped with it explicitly enabled. |
28 | 66 | |
29 | 67 | ROOT_TRUST_ANCHOR_FILE |
30 | ||
68 | ||
31 | 69 | This variable can be explicitly set to override the path used by the |
32 | 70 | root trust anchor update mechanism for the root trust anchor. Otherwise, |
33 | 71 | it defaults to /var/lib/unbound/root.key if unset. |
37 | 75 | This variable now must be explicitly set to "false" to disable the root |
38 | 76 | trust anchor update mechanism. Otherwise, it defaults to enabled if |
39 | 77 | unset. |
40 | ||
78 | ||
41 | 79 | In previous versions, this variable had to be explicitly set to "true" |
42 | 80 | to enable the update mechanism, but the /etc/default/unbound file |
43 | 81 | shipped with it explicitly enabled. |
61 | 99 | This mechanism still exists, but the variable controlling it has been |
62 | 100 | removed. Instead, add or remove the executable bit from the |
63 | 101 | /etc/resolvconf/update.d/unbound file to enable or disable the hook. |
64 | ||
102 | ||
65 | 103 | This release also makes the following changes: |
66 | 104 | |
67 | 105 | The resolvconf update.d hook can be problematic, especially if the |