After restoring a backup of an older version of IPFire (in my case it was a very old 2.19 core update 120), unbound is not able to resolve local hosts anymore, returning NXDOMAIN. What I found out, is that after restoring the backup on both boxes the following line was missing in unbound.conf (the line was present before restoring): # Include hosts include: "/etc/unbound/hosts.conf" After adding that line back and restarting unbound, everything is working as expected now. (Maybe related to #12352)
The Include hosts line was added to the IPFire unbound.conf file in March 2020. Backups carried out prior to that change would not have included that line. A backup from Core Update 120 (April 2018) would have not included this line and therefore could not restore it. Therefore this is not a bug.
Why is unbound.conf part of the backup? It shouldn't be.
I have checked the include list in my IPFire and it has /etc/unbound listed. I have checked my backups and they include all the contents of the /etc/unbound directory. I checked in the git repository and /etc/unbound was added to the backup/include list in Oct 2016. From your comment do I take it that I should raise a patch to remove /etc/unbound from the include list
Hmm, very good question. I suppose the intention was to have hosts.conf and some other files backed up. Maybe we should just add unbound.conf to the exclude list so that it won't be restored from existing backups any more?!
(In reply to Michael Tremer from comment #4) > Hmm, very good question. > > I suppose the intention was to have hosts.conf and some other files backed > up. Maybe we should just add unbound.conf to the exclude list so that it > won't be restored from existing backups any more?! I will raise a patch to do that.
Patch to add unbound.conf to the exclude list has been submitted. https://patchwork.ipfire.org/patch/4376/
Resetting this back to ASSIGNED since the patch has not been merged yet.
Patch has been committed into next (Core Update 161) https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=d2c2025b3d0271d3afdccc43b550a07b59480c94
Patch has been released for testing in Core Update 161 https://blog.ipfire.org/post/ipfire-2-27-core-update-161-available-for-testing
https://blog.ipfire.org/post/ipfire-2-27-core-update-161-released