From af73a9b9a476087e16b591a8ba5d42ca57b1543d Mon Sep 17 00:00:00 2001
From: Eric Luehrsen <ericluehrsen@gmail.com>
Date: Sat, 13 Jun 2020 15:06:20 -0400
Subject: [PATCH] unbound: make option interface_auto default on

Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
---
 net/unbound/Makefile          | 2 +-
 net/unbound/files/README.md   | 2 +-
 net/unbound/files/unbound.sh  | 4 ++--
 net/unbound/files/unbound.uci | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 0afb0e1c8..fff82d1d1 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.10.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
diff --git a/net/unbound/files/README.md b/net/unbound/files/README.md
index 52378d5c5..ec06de5a0 100644
--- a/net/unbound/files/README.md
+++ b/net/unbound/files/README.md
@@ -261,7 +261,7 @@ config unbound
     Boolean. If enabled version.server, version.bind, id.server, and
     hostname.bind queries are refused.
 
-  option interface_auto '0'
+  option interface_auto '1'
     Boolean. If enabled DNS replies will have the same source address as
     the request was sent to.
 
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index 5cc959b7f..a57d81d4e 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -36,7 +36,7 @@ UB_B_NTP_BOOT=1
 UB_B_QUERY_MIN=0
 UB_B_QRY_MINST=0
 UB_B_AUTH_ROOT=0
-UB_B_IF_AUTO=0
+UB_B_IF_AUTO=1
 
 UB_D_CONTROL=0
 UB_D_DOMAIN_TYPE=static
@@ -1214,7 +1214,7 @@ unbound_uci() {
   config_get_bool UB_B_LOCL_BLCK  "$cfg" rebind_localhost 0
   config_get_bool UB_B_DNSSEC     "$cfg" validator 0
   config_get_bool UB_B_NTP_BOOT   "$cfg" validator_ntp 1
-  config_get_bool UB_B_IF_AUTO    "$cfg" interface_auto 0
+  config_get_bool UB_B_IF_AUTO    "$cfg" interface_auto 1
 
   config_get UB_IP_DNS64    "$cfg" dns64_prefix "64:ff9b::/96"
 
diff --git a/net/unbound/files/unbound.uci b/net/unbound/files/unbound.uci
index b75381f96..12809b95d 100644
--- a/net/unbound/files/unbound.uci
+++ b/net/unbound/files/unbound.uci
@@ -11,6 +11,7 @@ config unbound
 	option edns_size '1280'
 	option extended_stats '0'
 	option hide_binddata '1'
+	option interface_auto '1'
 	option listen_port '53'
 	option localservice '1'
 	option manual_conf '0'
@@ -28,7 +29,6 @@ config unbound
 	option validator '0'
 	option validator_ntp '1'
 	option verbosity '1'
-	option interface_auto '0'
 	list trigger_interface 'lan'
 	list trigger_interface 'wan'
 	#list domain_insecure 'ntp.example.com'