debian/NEWS.Debian: Add NEWS entry for 1.5.7-2
Robert Edmonds
8 years ago
0 | unbound (1.5.7-2) unstable; urgency=medium | |
1 | ||
2 | The unbound package no longer ships an /etc/default/unbound conffile. | |
3 | If modified, it will be renamed to /etc/default/unbound.dpkg-bak after | |
4 | upgrading. | |
5 | ||
6 | The /etc/default/unbound file, if it exists, will still be read and the | |
7 | behavior of the package can be modified, but the defaults have been changed | |
8 | to make it unnecessary for most users to need an /etc/default/unbound | |
9 | file. | |
10 | ||
11 | The following variables are still supported by the /etc/default/unbound | |
12 | file, if it exists: | |
13 | ||
14 | DAEMON_OPTS | |
15 | ||
16 | If set, the value of this variable will be appended to the daemon | |
17 | command-line. | |
18 | ||
19 | RESOLVCONF | |
20 | ||
21 | This variable now must be explicitly set to "false" to disable the | |
22 | unbound package's resolvconf provider. Otherwise, it defaults to | |
23 | enabled if unset. | |
24 | ||
25 | In previous versions, this variable had to be explicitly set to "true" | |
26 | to enable the resolvconf provider, but the /etc/default/unbound file | |
27 | shipped with it explicitly enabled. | |
28 | ||
29 | ROOT_TRUST_ANCHOR_FILE | |
30 | ||
31 | This variable can be explicitly set to override the path used by the | |
32 | root trust anchor update mechanism for the root trust anchor. Otherwise, | |
33 | it defaults to /var/lib/unbound/root.key if unset. | |
34 | ||
35 | ROOT_TRUST_ANCHOR_UPDATE | |
36 | ||
37 | This variable now must be explicitly set to "false" to disable the root | |
38 | trust anchor update mechanism. Otherwise, it defaults to enabled if | |
39 | unset. | |
40 | ||
41 | In previous versions, this variable had to be explicitly set to "true" | |
42 | to enable the update mechanism, but the /etc/default/unbound file | |
43 | shipped with it explicitly enabled. | |
44 | ||
45 | The following variables are no longer supported by the /etc/default/unbound | |
46 | file, but were present in previous versions: | |
47 | ||
48 | UNBOUND_ENABLE | |
49 | ||
50 | This variable controlled whether or not the init script would start the | |
51 | Unbound daemon. Instead, use the standard Debian mechanisms for enabling | |
52 | or disabling a service started by the init system. | |
53 | ||
54 | RESOLVCONF_FORWARDERS | |
55 | ||
56 | This variable controlled whether or not the upstream nameservers | |
57 | supplied by resolvconf were configured into the running Unbound instance | |
58 | with the "unbound-control forward" command, via a resolvconf update.d | |
59 | hook. | |
60 | ||
61 | This mechanism still exists, but the variable controlling it has been | |
62 | removed. Instead, add or remove the executable bit from the | |
63 | /etc/resolvconf/update.d/unbound file to enable or disable the hook. | |
64 | ||
65 | This release also makes the following changes: | |
66 | ||
67 | The resolvconf update.d hook can be problematic, especially if the | |
68 | upstream nameservers do not perform DNSSEC validation, or if a | |
69 | "forward-zone" declaration for the root zone has been statically | |
70 | configured by the administrator. In previous versions, the hook was | |
71 | enabled by default, but it is now disabled by default. It can be | |
72 | explicitly enabled by running "chmod +x /etc/resolvconf/update.d/unbound". | |
73 | ||
74 | The unbound package now depends on the dns-root-data package, and the root | |
75 | trust anchor update mechanism has been enhanced to import the root trust | |
76 | anchor from /usr/share/dns/root.key on new installations, or if the | |
77 | /usr/share/dns/root.key file is newer than /var/lib/unbound/root.key. | |
78 | ||
79 | -- Robert Edmonds <edmonds@debian.org> Sun, 21 Feb 2016 16:01:33 -0500 |