On 6/25/2013 at 9:16 AM W.C.A. Wijngaards wrote: |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |Hi Mike, | |On 06/19/2013 07:49 PM, Mike. wrote: |> On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote: |> |> |-----BEGIN PGP SIGNED MESSAGE----- |Hash: SHA1 | |Hi Mike, | |The |> operating system tells unbound that it cannot send to a 'normal' |> |IP address. (unbound has do-not-query and access-control in its |> |config to block IPs you do not like). | |If you have a strange |> setup and traffic from clients not on localhost |arrives to |> 127.0.0.1 and unbound tries to answer back, then this error |is |> normal for trying to send to 192... with source address 127.0.0.1. |> | |Otherwise, this must be traffic that unbound sends to |> nameservers |('upstream'). If you dig @22.214.171.124 , is that |> also operation not |permitted? | |This error is not throttled by |> verbosity, because it is likely a local |misconfiguration. The OS |> disallows network access to unbound ... | |Best regards, | |> Wouter ============= |> |> |> Hi Wouter, |> |> I noticed the same excessive logging one time on another server |> (FreeBSD 9.1, unbound 1.4.18). I was doing some minor rack |> reconfiguration, and I unplugged the network cable from the server |> running unbound for a couple of seconds. I saw a similar flood of |> log messages during the time that the network cable was unplugged. |> |> In the case I posted yesterday, perhaps the network was not yet |> available when unbound started up, and for the two seconds until |> the network became available, unbound flooded the log with error |> messages. After those two seconds, unbound's logging was fine, and |> as expected. |> |> So in my experiences, it appears that unbound does the excessive |> logging when DNS queries are being made and the network goes away, |> or is not available. |> |> |> My question through all this is: what is an appropriate volume of |> logging for a program when that program experiences a network |> issue? In my opinion a logging rate of 20 messages in a millisecond |> (20,000 messages per second) might be a bit excessive. A single |> "no network interface available", or something along those lines, |> might be more appropriate and helpful. | |That is excessive. So, the message is printed if you set verbosity |higher (2 = per query verbose). If people need to debug they try to |set verbosity higher and can then get a dose of these errors if they |have them. (you can briefly set verbosity higher and lower using |unbound-control). ============= Just be clear... I was seeing the excessive logging with verbosity set to 1 Thanks for the follow-up.