Debian 11 - error in config file

Carsten Strotmann carsten at strotmann.de
Mon Sep 20 09:09:10 UTC 2021 

Hi Georg,

On 20 Sep 2021, at 10:54, Gregory Schouweiler via Unbound-users wrote:

> Hello,
>
> Is there a bug with Debian 11?
> I use the same configuration as on debian 10.9 but unbound doesn't 
> want to load the configuration file.
>
> Under debian 10.9, unbound is in version 1.9.x
>
> Under Debian 11, unbound is in version 1.13.1
>
> My config files :
>
> root at maxwell:/etc/unbound# cat unbound.conf
> # Unbound configuration file for Debian.
> #
> # See the unbound.conf(5) man page.
> #
> # See /usr/share/doc/unbound/examples/unbound.conf for a commented
> # reference config file.
> #
> # The following line includes additional configuration files from the
> # /etc/unbound/unbound.conf.d directory.
> include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
> root at maxwell:/etc/unbound# cd unbound.conf.d/
> root at maxwell:/etc/unbound/unbound.conf.d#<mailto:root at maxwell:/etc/unbound/unbound.conf.d#> 
> cat default.conf
> interface: 0.0.0.0
> access-control: 172.16.0.0/21 allow
> access-control: 127.0.0.0/8 allow
> root at maxwell:/etc/unbound/unbound.conf.d#<mailto:root at maxwell:/etc/unbound/unbound.conf.d#> 
> unbound-checkconf
> /etc/unbound/unbound.conf.d/default.conf:1: error: syntax error
> read /etc/unbound/unbound.conf failed: 1 errors in configuration file
>
>

it's a change in Debian 11, it's mentioned in the release notes and you 
should have seen it during the upgrade to Debian 11 in the apt changes 
messages:

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#unbound-config-file-handling

>> 5.1.6. Config file fragment handling in unbound
>> The DNS resolver unbound has changed the way it handles configuration 
>> file fragments. If you are relying on an include:
>> directive to merge several fragments into a valid configuration, you 
>> should read the NEWS file.

""

The default Debian config file shipped in the unbound package has 
changed
   from using the "include:" directive to using the "include-toplevel:"
   directive in order to include the config file fragments in
   /etc/unbound/unbound.conf.d/*.conf into the unbound configuration.

   The "include-toplevel:" directive has been newly introduced in 
unbound
   1.11.0 and it requires that any included config file fragment begin 
its own
   clause (e.g., "server:").

""

Greetings

Carsten

More information about the Unbound-users mailing list