[Unbound-users] multicast address alerts in logs
Michael Watters
wattersmt at gmail.com
Fri Mar 25 21:38:27 UTC 2011
> Leave tcpdump running on a resolver and wait for the misconfigured
> offender to appear. Use one of the following:
> ----
> tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap
> tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n
> ----
>
> Good hunting :)
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: Future looks spotty. You will spill soup in late evening.
This may be problematic on DNS nodes that are handling thousands of
queries per second. Is there a way to make unbound log what lookups
are causing these messages?
More information about the Unbound-users
mailing list