1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
unbound (1.5.7-2) unstable; urgency=medium
The unbound package no longer ships an /etc/default/unbound conffile.
If modified, it will be renamed to /etc/default/unbound.dpkg-bak after
upgrading.
The /etc/default/unbound file, if it exists, will still be read and the
behavior of the package can be modified, but the defaults have been changed
to make it unnecessary for most users to need an /etc/default/unbound
file.
The following variables are still supported by the /etc/default/unbound
file, if it exists:
DAEMON_OPTS
If set, the value of this variable will be appended to the daemon
command-line.
RESOLVCONF
This variable now must be explicitly set to "false" to disable the
unbound package's resolvconf provider. Otherwise, it defaults to
enabled if unset.
In previous versions, this variable had to be explicitly set to "true"
to enable the resolvconf provider, but the /etc/default/unbound file
shipped with it explicitly enabled.
ROOT_TRUST_ANCHOR_FILE
This variable can be explicitly set to override the path used by the
root trust anchor update mechanism for the root trust anchor. Otherwise,
it defaults to /var/lib/unbound/root.key if unset.
ROOT_TRUST_ANCHOR_UPDATE
This variable now must be explicitly set to "false" to disable the root
trust anchor update mechanism. Otherwise, it defaults to enabled if
unset.
In previous versions, this variable had to be explicitly set to "true"
to enable the update mechanism, but the /etc/default/unbound file
shipped with it explicitly enabled.
The following variables are no longer supported by the /etc/default/unbound
file, but were present in previous versions:
UNBOUND_ENABLE
This variable controlled whether or not the init script would start the
Unbound daemon. Instead, use the standard Debian mechanisms for enabling
or disabling a service started by the init system.
RESOLVCONF_FORWARDERS
This variable controlled whether or not the upstream nameservers
supplied by resolvconf were configured into the running Unbound instance
with the "unbound-control forward" command, via a resolvconf update.d
hook.
This mechanism still exists, but the variable controlling it has been
removed. Instead, add or remove the executable bit from the
/etc/resolvconf/update.d/unbound file to enable or disable the hook.
This release also makes the following changes:
The resolvconf update.d hook can be problematic, especially if the
upstream nameservers do not perform DNSSEC validation, or if a
"forward-zone" declaration for the root zone has been statically
configured by the administrator. In previous versions, the hook was
enabled by default, but it is now disabled by default. It can be
explicitly enabled by running "chmod +x /etc/resolvconf/update.d/unbound".
The unbound package now depends on the dns-root-data package, and the root
trust anchor update mechanism has been enhanced to import the root trust
anchor from /usr/share/dns/root.key on new installations, or if the
/usr/share/dns/root.key file is newer than /var/lib/unbound/root.key.
-- Robert Edmonds <edmonds@debian.org> Sun, 21 Feb 2016 16:01:33 -0500
|
