Hi. Upstream has released a bugfix version: https://github.com/NLnetLabs/unbound/releases/tag/release-1.17.1
Ready for QA. ADVISORY NOTICE PROPOSAL ======================== Bug fix update of the unbound packages Description This release fixes a number of bugs. There are also new configuration options that by default do not change the existing behaviour of Unbound. References https://bugs.mageia.org/show_bug.cgi?id=31728 https://github.com/NLnetLabs/unbound/releases/tag/release-1.17.1 SRPMS 8/core unbound-1.17.1-1.mga8.src.rpm PROVIDED PACKAGES: lib64unbound8-1.17.1-1.mga8 lib64unbound-devel-1.17.1-1.mga8 unbound-1.17.1-1.mga8 python3-unbound-1.17.1-1.mga8 PACKAGES FOR QA TESTING ======================= x86_64: lib64unbound8-1.17.1-1.mga8.x86_64.rpm lib64unbound-devel-1.17.1-1.mga8.x86_64.rpm unbound-1.17.1-1.mga8.x86_64.rpm python3-unbound-1.17.1-1.mga8.x86_64.rpm i586: lib64unbound8-1.17.1-1.mga8.i586.rpm lib64unbound-devel-1.17.1-1.mga8.i586.rpm unbound-1.17.1-1.mga8.i586.rpm python3-unbound-1.17.1-1.mga8.i586.rpm
Assignee: chb0 => qa-bugs
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Test fails after changing my DNS-setting from my own LAN to 127.0.0.1 $ dig mageia.org ; <<>> DiG 9.11.37Mageia-1.1.mga8 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30718 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;mageia.org. IN A ;; Query time: 1018 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Mar 31 17:14:07 CEST 2023 ;; MSG SIZE rcvd: 39 Unbound is running # systemctl -l status unbound ● unbound.service - Unbound DNS Resolver Loaded: loaded (/usr/lib/systemd/system/unbound.service; disabled; vendor preset: disabled) Active: active (running) since Fri 2023-03-31 17:13:41 CEST; 3s ago Main PID: 12714 (unbound) Tasks: 1 (limit: 4364) Memory: 6.5M CPU: 87ms CGroup: /system.slice/unbound.service └─12714 /usr/sbin/unbound -c /etc/unbound/unbound.conf Mar 31 17:13:41 mach7.hviaene.thuis systemd[1]: Started Unbound DNS Resolver. But in reality the network connection is broken. Having another go after rebooting.
CC: (none) => herman.viaene
No joy, replacing the DNS-server with 127.0.0.1 breaks the internet connection, not the connection to the gateway.
Created attachment 13758 [details] Patch to comment out forward zone in /etc/unbound.conf As happened in bug 30743, the forward zone must be commented out in /etc/unbound.conf
CC: (none) => davidwhodgins
As this is not a regression, I think there are three choices. 1. We can validate this update as is, but since it's a bugfix update I don't think we should. 2. Add a recommends for dnscrypt-proxy. If they user chooses not to install the recommended package, it's up to them to comment the forward zone. 3. Apply the patch from comment 4 so it works out of the box without dns-proxy.
(In reply to Dave Hodgins from comment #5) > As this is not a regression, I think there are three choices. > > 1. We can validate this update as is, but since it's a bugfix update I don't > think we should. > > 2. Add a recommends for dnscrypt-proxy. If they user chooses not to install > the recommended package, it's up to them to comment the forward zone. > > 3. Apply the patch from comment 4 so it works out of the box without > dns-proxy. I vote for 3b. I mean by that, commenting out the forward zone, with the additional comment to uncomment the block in case of dnscrypt-proxy installation. What do you think?
That would be fine. The comment should go into a README.urpmi file.
Hi again. Should the MGA9 package be corrected as well? It has been updated quite some time ago already.
Ready for QA. ADVISORY NOTICE PROPOSAL ======================== Bug fix update of the unbound packages Description This release fixes a number of bugs. There are also new configuration options that by default do not change the existing behaviour of Unbound. References https://bugs.mageia.org/show_bug.cgi?id=31728 https://github.com/NLnetLabs/unbound/releases/tag/release-1.17.1 SRPMS 8/core unbound-1.17.1-2.mga8.src.rpm PROVIDED PACKAGES: lib64unbound8-1.17.1-2.mga8 lib64unbound-devel-1.17.1-2.mga8 unbound-1.17.1-2.mga8 python3-unbound-1.17.1-2.mga8 PACKAGES FOR QA TESTING ======================= x86_64: lib64unbound8-1.17.1-2.mga8.x86_64.rpm lib64unbound-devel-1.17.1-2.mga8.x86_64.rpm unbound-1.17.1-2.mga8.x86_64.rpm python3-unbound-1.17.1-2.mga8.x86_64.rpm i586: lib64unbound8-1.17.1-2.mga8.i586.rpm lib64unbound-devel-1.17.1-2.mga8.i586.rpm unbound-1.17.1-2.mga8.i586.rpm python3-unbound-1.17.1-2.mga8.i586.rpm
(In reply to christian barranco from comment #8) > Hi again. Should the MGA9 package be corrected as well? It has been updated > quite some time ago already. Yes, the m9 version needs the same fix. Even if it didn't need the fix, the Release would have needed bumping to ensure it will replace the m8 version While testing shows m8 is now ok as the readme is available after installing using rpmdrake and it's working without dnscrypt-proxy, validation should wait until the m9/cauldron version is in place. On m8 ... $ systemctl status unbound.service|grep Active Active: active (running) since Fri 2023-03-31 16:54:11 EDT; 14min ago $ nslookup mageia.org|grep -e ^S -e ^A Server: ::1 Address: ::1#53 Address: 163.172.148.228 Address: 2001:bc8:628:1f00::1
Whiteboard: (none) => MGA8-64-OK
BTW: the file to be changed is /etc/unbound/unbound.conf, not /etc/unbound.conf as stated in Comment 4. Works OK now. $ dig mageia.org ; <<>> DiG 9.11.37Mageia-1.1.mga8 <<>> mageia.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14844 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;mageia.org. IN A ;; ANSWER SECTION: mageia.org. 1515 IN A 163.172.148.228 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Apr 01 14:45:28 CEST 2023 ;; MSG SIZE rcvd: 55
(In reply to Herman Viaene from comment #11) > BTW: the file to be changed is /etc/unbound/unbound.conf, not > /etc/unbound.conf as stated in Comment 4. Yes, I have considered that already. Cauldron is updated. Well, as soon as the freeze move is done.
Why the packager, me has not been put into the loop? unbound is configured to work with dnsproxy, dnsproxy recommends unbound. Now this is broken :(
CC: (none) => eatdirt
Sorry Chris. I just wanted to reflect the MGA9 change into MGA8, which has been left behind. Then a bug was reported, as unbound configuration is currently very specific and linked to dnsproxy. Unbound doesn't work out of the box. See https://bugs.mageia.org/show_bug.cgi?id=31728#c5 What do you propose? Should the use of dnsproxy be enforced with unbound? If so, some explanations to the users are required.
No that's fine, your README.urpmi is enough for people wanting to configure unbound. I am ok with your changes, I was just not ok with the "method". When there is a packager, he should be in the loop. So let us ship unbound as it is now. PS: moreover, the config(noreplace) ensures that previous users will still have a working configuration with dnscrpt-proxy. Cheers.
Validation still on hold as cauldron freeze move still pending.
(In reply to Chris Denice from comment #15) > No that's fine, your README.urpmi is enough for people wanting to configure > unbound. I am ok with your changes, I was just not ok with the "method". > When there is a packager, he should be in the loop. So let us ship unbound > as it is now. > Indeed; apologies.
Please request the freeze move again. unbound-1.17.1-2.mga9.src.rpm is still in updates testing for cauldron.
Validating now that freeze move has been completed.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2023-0032.html
Status: NEW => RESOLVEDResolution: (none) => FIXED