[Unbound-users] Lots of logging
wouter at nlnetlabs.nl
Tue Jun 25 07:16:11 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 06/19/2013 07:49 PM, Mike. wrote:
> On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:
> |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |Hi Mike, | |The
> operating system tells unbound that it cannot send to a 'normal'
> |IP address. (unbound has do-not-query and access-control in its
> |config to block IPs you do not like). | |If you have a strange
> setup and traffic from clients not on localhost |arrives to
> 127.0.0.1 and unbound tries to answer back, then this error |is
> normal for trying to send to 192... with source address 127.0.0.1.
> | |Otherwise, this must be traffic that unbound sends to
> nameservers |('upstream'). If you dig @220.127.116.11 , is that
> also operation not |permitted? | |This error is not throttled by
> verbosity, because it is likely a local |misconfiguration. The OS
> disallows network access to unbound ... | |Best regards, |
> Wouter =============
> Hi Wouter,
> I noticed the same excessive logging one time on another server
> (FreeBSD 9.1, unbound 1.4.18). I was doing some minor rack
> reconfiguration, and I unplugged the network cable from the server
> running unbound for a couple of seconds. I saw a similar flood of
> log messages during the time that the network cable was unplugged.
> In the case I posted yesterday, perhaps the network was not yet
> available when unbound started up, and for the two seconds until
> the network became available, unbound flooded the log with error
> messages. After those two seconds, unbound's logging was fine, and
> as expected.
> So in my experiences, it appears that unbound does the excessive
> logging when DNS queries are being made and the network goes away,
> or is not available.
> My question through all this is: what is an appropriate volume of
> logging for a program when that program experiences a network
> issue? In my opinion a logging rate of 20 messages in a millisecond
> (20,000 messages per second) might be a bit excessive. A single
> "no network interface available", or something along those lines,
> might be more appropriate and helpful.
That is excessive. So, the message is printed if you set verbosity
higher (2 = per query verbose). If people need to debug they try to
set verbosity higher and can then get a dose of these errors if they
have them. (you can briefly set verbosity higher and lower using
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the Unbound-users