New log noise re udp connect (Re: Unbound 1.13.0 released)

Wouter Wijngaards wouter at nlnetlabs.nl
Fri Dec 4 11:49:19 UTC 2020


Hi Phil,

On 04/12/2020 11:58, Phil Pennock via Unbound-users wrote:
> On 2020-12-03 at 10:11 +0100, Wouter Wijngaards via Unbound-users wrote:
>> This version has fixes to connect for UDP sockets, slowing down
>> potential ICMP side channel leakage.  The fix can be controlled with the
>> option udp-connect: yes, it is enabled by default.
> 
> This is great stuff.  One piece of fallout, mentioned in case it helps
> others: at home, I use IPv6 locally but don't have IPv6 global
> connectivity, so was relying upon Unbound handling absent reachable
> addresses just fine.

There is a fix in the code repository for this.
 https://github.com/NLnetLabs/unbound/commit/5906811ff19f005110b2edbda5aa144ad5fa05b1
It ignores this log chatter at low verbosity.

Best regards, Wouter

> 
> Without configuration changes, this new behavior results in a lot of
> logging of the form:
> 
>   udp connect failed: Network is unreachable for [...]
> 
> To fix it, while leaving IPv6 available to clients on local net, I made
> a change I probably should have done ages ago:
> 
>     do-not-query-address: ::/0
>     prefer-ip4: yes
> 
> That is, leave "do-ip6: yes" in place, but then tell the resolver to not
> query any IPv6 address, and to not try that first anyway.
> 
> With this change, the new log spam has gone away.
> 
> -Phil
> 

