New log noise re udp connect (Re: Unbound 1.13.0 released)

Phil Pennock unbound-users+phil at spodhuis.org
Fri Dec 4 10:58:06 UTC 2020


On 2020-12-03 at 10:11 +0100, Wouter Wijngaards via Unbound-users wrote:
> This version has fixes to connect for UDP sockets, slowing down
> potential ICMP side channel leakage.  The fix can be controlled with the
> option udp-connect: yes, it is enabled by default.

This is great stuff.  One piece of fallout, mentioned in case it helps
others: at home, I use IPv6 locally but don't have IPv6 global
connectivity, so was relying upon Unbound handling absent reachable
addresses just fine.

Without configuration changes, this new behavior results in a lot of
logging of the form:

  udp connect failed: Network is unreachable for [...]

To fix it, while leaving IPv6 available to clients on local net, I made
a change I probably should have done ages ago:

    do-not-query-address: ::/0
    prefer-ip4: yes

That is, leave "do-ip6: yes" in place, but then tell the resolver to not
query any IPv6 address, and to not try that first anyway.

With this change, the new log spam has gone away.

-Phil
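
An added example, not part of the original message or of Unbound itself: before silencing these messages, a short Python check that every logged failure is an IPv6 "Network is unreachable" and that a configuration carries the three settings described above. The sample log lines and the "<address> port <n>" tail after "for" are constructed assumptions, since the message elides that part.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the page elides what follows "for"; "<address> port <n>" is assumed.
FAIL_RE = re.compile(r"udp connect failed: (?P<err>.+?) for (?P<addr>\S+)(?: port \d+)?\s*$")

def tally_failures(log_lines):
    """Count 'udp connect failed' lines by (IP version, error text)."""
    counts = Counter()
    for line in log_lines:
        m = FAIL_RE.search(line)
        if m:
            try:
                version = ipaddress.ip_address(m.group("addr")).version
            except ValueError:
                version = 0  # unparseable address: keep it visible, do not drop it
            counts[(version, m.group("err"))] += 1
    return counts

def only_ipv6_unreachable(counts):
    """True when there are failures and all are IPv6 'Network is unreachable'."""
    return bool(counts) and set(counts) == {(6, "Network is unreachable")}

def options(conf_text):
    """Collect 'name: value' pairs from unbound.conf text; options may repeat."""
    opts = {}
    for raw in conf_text.splitlines():
        name, sep, value = raw.split("#", 1)[0].strip().partition(":")
        value = value.strip().strip('"')
        if sep and value:  # skips clause headers such as "server:"
            opts.setdefault(name.strip(), []).append(value)
    return opts

def workaround_applied(opts):
    """True when do-ip6 stays on but no upstream query may go out over IPv6."""
    def covers_all_v6(value):
        try:
            return ipaddress.ip_network(value, strict=False) == ipaddress.ip_network("::/0")
        except ValueError:
            return False
    return (opts.get("do-ip6", ["yes"])[-1] == "yes"
            and opts.get("prefer-ip4", ["no"])[-1] == "yes"
            and any(covers_all_v6(v) for v in opts.get("do-not-query-address", [])))

# Constructed sample data using documentation address ranges.
SAMPLE_LOG = ["unbound[1234:0] error: udp connect failed: Network is unreachable for 2001:db8::53 port 53",
              "unbound[1234:0] error: udp connect failed: Network is unreachable for 2001:db8:1::35 port 53",
              "unbound[1234:0] info: start of service"]
SAMPLE_CONF = "server:\n    do-ip6: yes\n    do-not-query-address: ::/0\n    prefer-ip4: yes\n"
```

If `only_ipv6_unreachable` returns False, some failures involve IPv4 or a different error, and those would not be addressed by the IPv6-only settings.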

