enabling interface-automatic disables DNS-over-TLS #618

@philpennock

Describe the bug

When interface-automatic: yes is set, the manually-configured list of interfaces, including those listening on other service ports such as 853 for DNS-over-TLS, is ignored.

Unbound won't/can't offer DNS-over-TLS if interface-automatic is enabled.

To reproduce
Steps to reproduce the behavior:

  1. Set up DNS-over-TLS, confirm working
  2. Set interface-automatic: yes and restart
  3. See that the DNS-over-TLS settings are silently ignored

Expected behavior

Either a merging of the explicit and implicit settings, or an error message on start-up.

I think that a clean solution is likely to require a rethink of the experimental interface-automatic feature. I need this feature more than I need DNS-over-TLS, so am running with the TLS support silently disabled.

My tentative thinking is that interface-automatic: might need to be a new interface-automatic-ports: 53 853

System:

  • Unbound version: 1.14.0
  • OS: Ubuntu 20.04.3 LTS
  • unbound -V output: see details collapsed section
details: `unbound -V` output
Version 1.14.0

Configure line: --prefix=/opt/unbound --with-ssl --enable-pie --enable-relro-now --enable-subnet --with-libevent --enable-systemd --enable-tfo-client --enable-tfo-server --enable-dnstap
Linked libs: libevent 2.1.11-stable (it uses epoll), OpenSSL 1.1.1f 31 Mar 2020
Linked modules: dns64 subnetcache respip validator iterator
TCP Fastopen feature available

Additional information

Originally reported on the mailing-list, first as a question and then as a bug-report there, filing a GH Issue per website.
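
A configuration check for the condition reported above, as an added example that is not part of the original issue or of the Unbound project: it scans unbound.conf text and lists explicit `interface:` entries on the TLS port that would be dropped, per the report, when `interface-automatic: yes` is set. The sample config and file paths are constructed, and treating the last occurrence of a single-valued option as the effective one is an assumption.

```python
import re

# Constructed sample config (not from the issue): DoT listeners plus interface-automatic.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0@53
    interface: 0.0.0.0@853    # DNS-over-TLS listener
    interface: ::0@853
    interface-automatic: yes
    tls-port: 853
    tls-service-key: "/etc/unbound/example.key"
    tls-service-pem: "/etc/unbound/example.pem"
"""

def parse_options(text):
    """Return (name, value) pairs from unbound.conf-style 'name: value' lines."""
    opts = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if m and m.group(2):                         # skips clause headers like 'server:'
            opts.append((m.group(1).lower(), m.group(2).strip().strip('"')))
    return opts

def ignored_tls_listeners(text):
    """List explicit interface entries on the TLS port that the behaviour
    described in the report would silently ignore."""
    opts = parse_options(text)
    last = dict(opts)                                # assumption: last value wins
    if last.get("interface-automatic", "no") != "yes":
        return []
    tls_port = last.get("tls-port", "853")           # 853 is the default tls-port
    plain_port = last.get("port", "53")              # port used when no @port is given
    hits = []
    for name, value in opts:
        if name in ("interface", "ip-address"):      # ip-address is an alias of interface
            _addr, _, port = value.partition("@")
            if (port or plain_port) == tls_port:
                hits.append(value)
    return hits

if __name__ == "__main__":
    for entry in ignored_tls_listeners(SAMPLE_CONF):
        print(f"WARNING: interface {entry} conflicts with interface-automatic: yes")
```

A non-empty result is a reason to confirm from a client that port 853 still answers after the restart, since the daemon itself reports nothing.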
