"include:" line in server block errors out

Question

"include:" line in server block errors out

nitrogen76 opened this issue 8 months ago · 4 comments

Describe the bug
After upgrading to "unbound-1.16.2-5.el8_9.6.x86_64" on oracle linux 8, previously working configs stopped working. These configs started erroring out when an "include: " line was present within the "server:" stanza. This also happens in the latest version (1.20) that i compiled.

the documentation say the "include:" line can be anywhere, and the current versions of the puppet module have no way to put this config line anywhere outside of the server: stanza.

Was this intentional, to keep the "include:" line out of server: stanzas, and in its own, or was this unintentional?

To reproduce
Steps to reproduce the behavior:

upgrade to a version later than unbound-1.16.2-5.el8_9.6.x86_64
put a like like

   unblock-lan-zones: yes
   insecure-lan-zones: yes

  include: "/etc/unbound/conf.d/*.conf"
  fast-server-num: 1

run unbound-checkconf
observe "syntax error" at the line right after the "include:" directive

Expected behavior
A clear and concise description of what you expected to happen.

I expected the same behavior as in previous versions, where the "include: " line could be located anywhere

System:

Unbound version: unbound-1.16.2-5.el8_9.6, up thrugh Unbound 1.20.0
OS: Oracle Linux 8
unbound -V output: Version 1.16.2

Additional information
Add any other information that you may have gathered about the issue here.

Answer 1 · 2024-08-13T13:40:08.000Z

In 1.11.0, there is the new include-toplevel: "file" statement. This one forces the statement after it to start a clause. The include: directive should continue to work as is. What happens is that text in included files can start a new clause, say 'remote-control:' or another one, and then where the include ends, that is also the remote-control clause. This causes the included files to influence each other with respect to what clause the information is in. To stop that the include-toplevel was introduced, that is specifically for the wildcard include that is in the issue ticket. That stops that include files, the previous include, makes the section different and then the next include file has a syntax error, by enforcing them to all start at the toplevel. Otherwise also the order of the includes would matter, for what section.

So in this case, the contents of the includes would matter to figure out the syntax error. It may be better to move to use the new include-toplevel: "file" method. And then it would be necessary to explicitly state what clause is after it, so that needs the 'server:' after that. The 'include:' continues to be possible everywhere, but this type of syntax error then is the result of the previous config included file's content and what clause it starts.

Answer 2 · 2024-08-13T13:52:20.000Z

Problem is, i get the same behavior if I use include-toplevel: in the same place. Does the include-toplevel support file globbing? e.g.
include-toplevel: "/etc/unbound/conf.d/*.conf"

Answer 3 · 2024-08-13T13:54:39.000Z

Well, after the include-toplevel a new clause has to be started, by setting a line with 'server:' on it after the include-toplevel: "file" line. Otherwise, what is the syntax error precisely, and then the contents of the file, perhaps included, before it, because that is what can make the clause-related syntax error.

Answer 4 · 2024-08-13T13:57:10.000Z

Ok, got it. That makes sense.

Seems like the bigger problem is with the puppet module which doesn't seem to allow me to be specific with how the "include (or include-toplevel) is used, so i've also opened a issue with them.

Thank you so much for your quick help and explanation.