New log noise re udp connect (Re: Unbound 1.13.0 released)
Phil Pennock
unbound-users+phil at spodhuis.org
Fri Dec 4 10:58:06 UTC 2020
On 2020-12-03 at 10:11 +0100, Wouter Wijngaards via Unbound-users wrote:
> This version has fixes to connect for UDP sockets, slowing down
> potential ICMP side channel leakage. The fix can be controlled with the
> option udp-connect: yes, it is enabled by default.
This is great stuff. One piece of fallout, mentioned in case it helps
others: at home, I use IPv6 locally but don't have IPv6 global
connectivity, so was relying upon Unbound handling absent reachable
addresses just fine.
Without configuration changes, this new behavior results in a lot of
logging of the form:
    udp connect failed: Network is unreachable for [...]
To fix it, while leaving IPv6 available to clients on local net, I made
a change I probably should have done ages ago:
    do-not-query-address: ::/0
    prefer-ip4: yes
That is, leave "do-ip6: yes" in place, but then tell the resolver to not
query any IPv6 address, and to not try that first anyway.
With this change, the new log spam has gone away.
-Phil
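
Added example, not part of the original post and not Unbound code: a local check of why a connected UDP socket reports the error seen above on a host with no global IPv6 route. The function names and the sample target address are assumptions made for illustration; the two settings returned are the ones given in the message.

```python
import errno
import socket

# Constructed sample target in the IPv6 documentation prefix (2001:db8::/32).
# connect() on a UDP socket sends no packets; it only asks the kernel to pick
# a route and source address, which is where "Network is unreachable" arises.
SAMPLE_V6_TARGET = "2001:db8::1"


def udp_connect_status(addr=SAMPLE_V6_TARGET, port=53):
    """Return 'ok' or the symbolic errno name of a failed UDP connect()."""
    try:
        sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    except OSError as exc:
        # No IPv6 support in this kernel or sandbox at all.
        return errno.errorcode.get(exc.errno, str(exc.errno))
    try:
        sock.connect((addr, port))
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def suggested_settings(status):
    """Hypothetical helper: settings from the post when there is no v6 route."""
    if status == "ENETUNREACH":
        # Keep do-ip6: yes for local clients, but never query upstream over v6.
        return ["do-not-query-address: ::/0", "prefer-ip4: yes"]
    return []


if __name__ == "__main__":
    status = udp_connect_status()
    print("UDP connect to", SAMPLE_V6_TARGET, "->", status)
    for line in suggested_settings(status):
        print("    " + line)
```
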