Maintained by: NLnet Labs

[Unbound-users] Lots of logging

W.C.A. Wijngaards
Tue Jun 25 09:16:11 CEST 2013


Hi Mike,

On 06/19/2013 07:49 PM, Mike. wrote:
> On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:
> 
> |-----BEGIN PGP SIGNED MESSAGE-----
> |Hash: SHA1
> |
> |Hi Mike,
> |
> |The operating system tells unbound that it cannot send to a 'normal'
> |IP address.  (unbound has do-not-query and access-control in its
> |config to block IPs you do not like).
> |
> |If you have a strange setup and traffic from clients not on localhost
> |arrives to 127.0.0.1 and unbound tries to answer back, then this error
> |is normal for trying to send to 192... with source address 127.0.0.1.
> |
> |Otherwise, this must be traffic that unbound sends to nameservers
> |('upstream').  If you dig @192.203.230.10 , is that also operation not
> |permitted?
> |
> |This error is not throttled by verbosity, because it is likely a local
> |misconfiguration.  The OS disallows network access to unbound ...
> |
> |Best regards,
> |   Wouter
> =============
> 
> 
> Hi Wouter,
> 
> I noticed the same excessive logging one time on another server 
> (FreeBSD 9.1, unbound 1.4.18).   I was doing some minor rack 
> reconfiguration, and I unplugged the network cable from the server 
> running unbound for a couple of seconds.  I saw a similar flood of
> log messages during the time that the network cable was unplugged.
> 
> In the case I posted yesterday, perhaps the network was not yet 
> available when unbound started up, and for the two seconds until
> the network became available, unbound flooded the log with error
> messages. After those two seconds, unbound's logging was fine, and
> as expected.
> 
> So in my experiences, it appears that unbound does the excessive 
> logging when DNS queries are being made and the network goes away,
> or is not available.
> 
> 
> My question through all this is: what is an appropriate volume of 
> logging for a program when that program experiences a network
> issue? In my opinion a logging rate of 20 messages in a millisecond
> (20,000 messages per second) might be a bit excessive.  A single
> "no network interface available", or something along those lines,
> might be more appropriate and helpful.

That is excessive.  So, the message is printed if you set verbosity
higher (2 = per query verbose).  If people need to debug they try to
set verbosity higher and can then get a dose of these errors if they
have them.  (you can briefly set verbosity higher and lower using
unbound-control).

Best regards,
   Wouter
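
The logging behaviour Mike asks for above (one message when the network goes away instead of thousands per second) can be sketched as a small error throttle. This is an added example, not part of the original message and not Unbound's code; the struct, function names, window length and message text are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define THROTTLE_WINDOW 10 /* seconds between repeats of one error (assumed) */

/* Hypothetical helper state: which error is being suppressed, and how often. */
struct err_throttle {
    int last_errno;        /* errno of the most recently logged error */
    time_t window_start;   /* when that error was last written to the log */
    unsigned long dropped; /* identical errors swallowed since then */
};

/* Log a send failure. Returns the number of lines written to `out`:
 * 0 when the repeat was suppressed, 1 for a new error, 2 when a
 * "repeated N more times" summary preceded it. */
int log_send_error(struct err_throttle *t, FILE *out, int err, time_t now)
{
    int lines = 1;
    if (err == t->last_errno && now - t->window_start < THROTTLE_WINDOW) {
        t->dropped++;          /* same error inside the window: count only */
        return 0;
    }
    if (t->dropped > 0) {      /* tell the operator what was swallowed */
        fprintf(out, "error: previous error (%s) repeated %lu more times\n",
                strerror(t->last_errno), t->dropped);
        lines = 2;
    }
    fprintf(out, "error: sendto failed: %s\n", strerror(err));
    t->last_errno = err;
    t->window_start = now;
    t->dropped = 0;
    return lines;
}

/* Constructed scenario: `burst` identical failures in one second (the
 * unplugged cable), then one more failure `gap` seconds later. */
int simulate_outage(FILE *out, int burst, int gap)
{
    struct err_throttle t = {0, 0, 0};
    int lines = 0;
    for (int i = 0; i < burst; i++)
        lines += log_send_error(&t, out, EPERM, (time_t)1000);
    return lines + log_send_error(&t, out, EPERM, (time_t)(1000 + gap));
}

int main(void)
{
    printf("lines logged: %d\n", simulate_outage(stdout, 20000, 12));
    return 0;
}
```

The summary line keeps the suppressed count visible, so an operator reading the log can still see that the failure was sustained rather than a single event.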
