Maintained by: NLnet Labs

[Unbound-users] multicast address alerts in logs

Michael Watters
Fri Mar 25 22:38:27 CET 2011


> Leave tcpdump running on a resolver and wait for the misconfigured
> offender to appear.  Use one of the following:
> ----
> tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap
> tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n
> ----
>
> Good hunting :)
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: Future looks spotty.  You will spill soup in late evening.

This may be problematic on DNS nodes that are handling thousands of
queries per second.  Is there a way to make unbound log what lookups
are causing these messages?