Maintained by: NLnet Labs

[Unbound-users] Lots of logging

Wed Jun 19 19:49:45 CEST 2013

On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:

|Hash: SHA1
|Hi Mike,
|The operating system tells unbound that it cannot send to a 'normal'
|IP address.  (unbound has do-not-query and access-control in its
|config to block IPs you do not like).
|If you have a strange setup and traffic from clients not on localhost
|arrives to and unbound tries to answer back, then this error
|is normal for trying to send to 192... with source address
|Otherwise, this must be traffic that unbound sends to nameservers
|('upstream').  If you dig @ , is that also operation not
|This error is not throttled by verbosity, because it is likely a local
|misconfiguration.  The OS disallows network access to unbound ...
|Best regards,
|   Wouter

Hi Wouter,

I noticed the same excessive logging one time on another server
(FreeBSD 9.1, unbound 1.4.18).   I was doing some minor rack
reconfiguration, and I unplugged the network cable from the server
running unbound for a couple of seconds.  I saw a similar flood of log
messages during the time that the network cable was unplugged.

In the case I posted yesterday, perhaps the network was not yet
available when unbound started up, and for the two seconds until the
network became available, unbound flooded the log with error messages.
After those two seconds, unbound's logging was fine, and as expected.

So in my experiences, it appears that unbound does the excessive
logging when DNS queries are being made and the network goes away, or
is not available.  

My question through all this is: what is an appropriate volume of
logging for a program when that program experiences a network issue?
In my opinion a logging rate of 20 messages in a millisecond (20,000
messages per second) might be a bit excessive.  A single "no network
interface available", or something along those lines, might be more
appropriate and helpful.