[Unbound-users] multicast address alerts in logs
Alexander Clouter
alex at digriz.org.uk
Sat Mar 26 09:38:26 UTC 2011
* Michael Watters <wattersmt at gmail.com> [2011-03-25 17:38:27-0400]:
>
> > Leave tcpdump running on a resolver and wait for the misconfigured
> > offender to appear. Use one of the following:
> > ----
> > tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap
> > tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n
> > ----
> >
> > Good hunting :)
>
> This may be problematic on DNS nodes that are handling thousands of
> queries per second.
>
I doubt it, what matters is the amount of data going through and if your
harddisk can keep up with the pace, I doubt you are pushing 30MB/s :)
As it's high-throughput I recommend you go with the first command (the
second one will chock your computer/terminal).
> Is there a way to make unbound log what lookups are causing these
> messages?
>
Patch the source I imagine, you might be able to do something with the
python bindings though.
Cheers
--
Alexander Clouter
.sigmonster says: Every time I think I know where it's at, they move it.
More information about the Unbound-users
mailing list