notice: send failed: Permission denied
Caroptions Caroptions
caroptions at hotmail.com
Mon Apr 5 21:20:26 UTC 2021
Hi,
Probably it is discussed already, then sorry for reiterating the same problem, but I couldn't find solution.
unbound 1.13.1
I block certain ASNs/IPs on firewall. unbound starts normally, then after some time flood log with messages:
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
the SAME ip for hours. My firewall process CPU load jumps and stays on high level. unbound process CPU load high as well.
My temporary workaround is adding:
do-not-query-address: xx.xx.xx.xx
When I add new ip to this list it stays normal for some time till unbound find new NS server IP which is blocked on firewall and all loads jumps and flood log with "notice" messages.
In my understanding unbound should stop attempting to contact specific NS if it is not reachable/down?
Thanks,
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20210405/092432b2/attachment.htm>
More information about the Unbound-users
mailing list