[Unbound-users] Lots of logging
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue Jun 25 07:16:11 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mike,
On 06/19/2013 07:49 PM, Mike. wrote:
> On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:
>
> |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |Hi Mike, | |The
> operating system tells unbound that it cannot send to a 'normal'
> |IP address. (unbound has do-not-query and access-control in its
> |config to block IPs you do not like). | |If you have a strange
> setup and traffic from clients not on localhost |arrives to
> 127.0.0.1 and unbound tries to answer back, then this error |is
> normal for trying to send to 192... with source address 127.0.0.1.
> | |Otherwise, this must be traffic that unbound sends to
> nameservers |('upstream'). If you dig @192.203.230.10 , is that
> also operation not |permitted? | |This error is not throttled by
> verbosity, because it is likely a local |misconfiguration. The OS
> disallows network access to unbound ... | |Best regards, |
> Wouter =============
>
>
> Hi Wouter,
>
> I noticed the same excessive logging one time on another server
> (FreeBSD 9.1, unbound 1.4.18). I was doing some minor rack
> reconfiguration, and I unplugged the network cable from the server
> running unbound for a couple of seconds. I saw a similar flood of
> log messages during the time that the network cable was unplugged.
>
> In the case I posted yesterday, perhaps the network was not yet
> available when unbound started up, and for the two seconds until
> the network became available, unbound flooded the log with error
> messages. After those two seconds, unbound's logging was fine, and
> as expected.
>
> So in my experiences, it appears that unbound does the excessive
> logging when DNS queries are being made and the network goes away,
> or is not available.
>
>
> My question through all this is: what is an appropriate volume of
> logging for a program when that program experiences a network
> issue? In my opinion a logging rate of 20 messages in a millisecond
> (20,000 messages per second) might be a bit excessive. A single
> "no network interface available", or something along those lines,
> might be more appropriate and helpful.
That is excessive. So, the message is printed if you set verbosity
higher (2 = per query verbose). If people need to debug they try to
set verbosity higher and can then get a dose of these errors if they
have them. (you can briefly set verbosity higher and lower using
unbound-control).
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRyUO3AAoJEJ9vHC1+BF+N8GoP/3r+SK+7JF47crz9HjF1BYMf
rLFh9NqDbs5xh6avBr047HlACjycci7DbACVLy1VFxsoAlhfhEVjz1lia3ymWKsj
HJ/RyEqWlhGtXX3wLT5ZltppH1AXZWYu1OsYVsFbwIikkKMA4slUldzVnanV1KrF
k+ho+fSNcMxn3EO03RwAx0d/RJ7Y7kkCOj5aCvgy8Gv/Ro8iu6KNexkdTA1hGqEi
s0MKVQLOHDvPrLDhZ+/wOd6xyx+dteP+IW79WgLehVSLj8neYC8iuJTVUVtIOJn4
kykJiIh93AF9vkeLptBSDluxVlLHwzMcR5fPoQ0qJFdQypZ9TIHXwm+Saroa/KA8
Jyi8dtJEjmz1Fqx8JcxPKJkM8GNtKUFOi8DM8wzzb9cxDyE3nEQtSeUHPpSCiixK
kTJBgtl8T7JUm/fL/uJ5VvgTkK998uQ+QjVcOsF3fuw49WhNsbpqiP0ajQMrgI+2
Yky4FZpF8fk8Filnv1Wa6Dl7iN8N+v3gQKc9YcV84Sp/y4h6PA86sItpA52ty2lK
3c69ui3DTY7VMf00APmnjom/4R9O4sa+VA6yHk3gA5xIOpKnEqrioxPcd4O2M/5n
/mYVy7UYHXsJl+bEDcFe2wOer6NHX/dduaRQNPvCKtoZtRc1ph0YQqBqaN968gzz
TTNVH1HEBkOz2968QX05
=VsuB
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list