New log noise re udp connect (Re: Unbound 1.13.0 released)
Wouter Wijngaards
wouter at nlnetlabs.nl
Fri Dec 4 11:49:19 UTC 2020
Hi Phil,
On 04/12/2020 11:58, Phil Pennock via Unbound-users wrote:
> On 2020-12-03 at 10:11 +0100, Wouter Wijngaards via Unbound-users wrote:
>> This version has fixes to connect for UDP sockets, slowing down
>> potential ICMP side channel leakage. The fix can be controlled with the
>> option udp-connect: yes, it is enabled by default.
>
> This is great stuff. One piece of fallout, mentioned in case it helps
> others: at home, I use IPv6 locally but don't have IPv6 global
> connectivity, so was relying upon Unbound handling absent reachable
> addresses just fine.

There is a fix in the code repository for this.
https://github.com/NLnetLabs/unbound/commit/5906811ff19f005110b2edbda5aa144ad5fa05b1
It ignores this log chatter at low verbosity.

Best regards, Wouter

>
> Without configuration changes, this new behavior results in a lot of
> logging of the form:
>
> udp connect failed: Network is unreachable for [...]
>
> To fix it, while leaving IPv6 available to clients on local net, I made
> a change I probably should have done ages ago:
>
> do-not-query-address: ::/0
> prefer-ip4: yes
>
> That is, leave "do-ip6: yes" in place, but then tell the resolver to not
> query any IPv6 address, and to not try that first anyway.
>
> With this change, the new log spam has gone away.
>
> -Phil
>
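
Added example, not part of the original messages and not Unbound code: a host-side check for the condition Phil describes, where a UDP `connect()` to an IPv6 destination fails immediately with "Network is unreachable" because the kernel has no route. The probe addresses are constructed values from the documentation ranges, and the function names are hypothetical.

```python
import errno
import socket

# Constructed probe targets from the documentation ranges (assumption).
# connect() on a UDP socket sends no packet; it only asks the kernel for a route.
PROBES = {"ipv4": (socket.AF_INET, "192.0.2.1"),
          "ipv6": (socket.AF_INET6, "2001:db8::1")}


def udp_connect_errno(family, addr, port=53):
    """Return None if a UDP connect() succeeds, otherwise the errno name."""
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.connect((addr, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))


def probe_all():
    """Probe both address families and return {"ipv4": err, "ipv6": err}."""
    return {name: udp_connect_errno(fam, addr) for name, (fam, addr) in PROBES.items()}


def workaround(v4_err, v6_err):
    """unbound.conf lines from the thread, only when IPv6 alone is unroutable."""
    if v4_err is None and v6_err is not None:
        return ["do-not-query-address: ::/0", "prefer-ip4: yes"]
    return []


if __name__ == "__main__":
    res = probe_all()
    for name, err in res.items():
        print(f"{name}: {'route found' if err is None else err}")
    for line in workaround(res["ipv4"], res["ipv6"]):
        print("suggest:", line)
```

An `ENETUNREACH` result for `ipv6` alongside a working `ipv4` route matches the setup in the thread; the suggested lines leave `do-ip6: yes` untouched so local clients can still reach the resolver over IPv6.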