dietpi-software: Unbound: disable ECS by default

matching new Unbound upstream defaults: NLnetLabs/unbound@35dbbcb

This also mutes two startup warnings: #7539 (comment)
The warnings can be ignored, are more informational than indicating any problem. But as of the upstream commit, the ECS module should be disabled by default for other reasons.

Author: MichaIng

.conf/dps_182/unbound.conf

@@ -60,6 +60,9 @@ server:
 	# Set EDNS reassembly buffer size to match new upstream default, as of DNS Flag Day 2020 recommendation.
 	edns-buffer-size: 1232
 
+	# Disable ECS module, matching new Unbound defaults, and mute 2 warnings: https://github.com/NLnetLabs/unbound/commit/35dbbcb, https://github.com/MichaIng/DietPi/issues/7539#issuecomment-2906900497
+	module-config: "validator iterator"
+
 	# Increase incoming and outgoing query buffer size to cover traffic peaks.
 	so-rcvbuf: 4m
 	so-sndbuf: 4m

.update/patches

@@ -2190,6 +2190,13 @@ Patch_9_13()
 			G_EXEC eval 'echo '\''vm.overcommit_memory=1'\'' > /etc/sysctl.d/98-dietpi-redis.conf'
 			G_EXEC sysctl -p /etc/sysctl.d/98-dietpi-redis.conf
 		fi
+
+		# Unbound
+		if grep -q '^[[:blank:]]*aSOFTWARE_INSTALL_STATE\[182\]=2' /boot/dietpi/.installed
+		then
+			G_DIETPI-NOTIFY 2 'Disabling Unbound ECS module, matching new upstream defaults and muting two startup warnings'
+			G_CONFIG_INJECT 'module-config:' '	module-config: "validator iterator"' /etc/unbound/unbound.conf.d/dietpi.conf
+		fi
 	fi
 
 	# Check and in case prompt to change default user and software passwords, which is now enforced on first run setup as well