[Unbound-users] Lots of logging
the.lists at mgm51.com
Wed Jun 19 17:49:45 UTC 2013
On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:
|-----BEGIN PGP SIGNED MESSAGE-----
|The operating system tells unbound that it cannot send to a 'normal'
|IP address. (unbound has do-not-query and access-control in its
|config to block IPs you do not like).
|If you have a strange setup and traffic from clients not on localhost
|arrives to 127.0.0.1 and unbound tries to answer back, then this error
|is normal for trying to send to 192... with source address 127.0.0.1.
|Otherwise, this must be traffic that unbound sends to nameservers
|('upstream'). If you dig @18.104.22.168 , is that also operation not
|This error is not throttled by verbosity, because it is likely a local
|misconfiguration. The OS disallows network access to unbound ...
I noticed the same excessive logging one time on another server
(FreeBSD 9.1, unbound 1.4.18). I was doing some minor rack
reconfiguration, and I unplugged the network cable from the server
running unbound for a couple of seconds. I saw a similar flood of log
messages during the time that the network cable was unplugged.
In the case I posted yesterday, perhaps the network was not yet
available when unbound started up, and for the two seconds until the
network became available, unbound flooded the log with error messages.
After those two seconds, unbound's logging was fine, and as expected.
So in my experiences, it appears that unbound does the excessive
logging when DNS queries are being made and the network goes away, or
is not available.
My question through all this is: what is an appropriate volume of
logging for a program when that program experiences a network issue?
In my opinion a logging rate of 20 messages in a millisecond (20,000
messages per second) might be a bit excessive. A single "no network
interface available", or something along those lines, might be more
appropriate and helpful.
More information about the Unbound-users