Maintained by: NLnet Labs

[Unbound-users] Lots of logging

Tue Jun 25 17:08:02 CEST 2013

On 6/25/2013 at 9:16 AM W.C.A. Wijngaards wrote:

|Hi Mike,
|On 06/19/2013 07:49 PM, Mike. wrote:
|> On 6/19/2013 at 9:27 AM W.C.A. Wijngaards wrote:
|> |Hi Mike,
|> |
|> |The operating system tells unbound that it cannot send to a 'normal'
|> |IP address.  (unbound has do-not-query and access-control in its
|> |config to block IPs you do not like).
|> |
|> |If you have a strange setup and traffic from clients not on localhost
|> |arrives to and unbound tries to answer back, then this error
|> |is normal for trying to send to 192... with source address
|> |
|> |Otherwise, this must be traffic that unbound sends to nameservers
|> |('upstream').  If you dig @ , is that also operation not
|> |permitted?
|> |
|> |This error is not throttled by verbosity, because it is likely a local
|> |misconfiguration.  The OS disallows network access to unbound ...
|> |
|> |Best regards,
|> |   Wouter
|> =============
|> Hi Wouter,
|> I noticed the same excessive logging one time on another server 
|> (FreeBSD 9.1, unbound 1.4.18).   I was doing some minor rack 
|> reconfiguration, and I unplugged the network cable from the server 
|> running unbound for a couple of seconds.  I saw a similar flood of
|> log messages during the time that the network cable was unplugged.
|> In the case I posted yesterday, perhaps the network was not yet 
|> available when unbound started up, and for the two seconds until
|> the network became available, unbound flooded the log with error
|> messages. After those two seconds, unbound's logging was fine, and
|> as expected.
|> So in my experiences, it appears that unbound does the excessive 
|> logging when DNS queries are being made and the network goes away,
|> or is not available.
|> My question through all this is: what is an appropriate volume of 
|> logging for a program when that program experiences a network
|> issue? In my opinion a logging rate of 20 messages in a millisecond
|> (20,000 messages per second) might be a bit excessive.  A single
|> "no network interface available", or something along those lines,
|> might be more appropriate and helpful.
|That is excessive.  So, the message is printed if you set verbosity
|higher (2 = per query verbose).  If people need to debug they try to
|set verbosity higher and can then get a dose of these errors if they
|have them.  (you can briefly set verbosity higher and lower using

Just to be clear...

I was seeing the excessive logging with verbosity set to 1.

Thanks for the follow-up.
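
For the question raised in this thread about how much a program should log while the network is unavailable, here is an added example (not part of the original messages and not unbound's code) of one way to bound the volume: allow a small burst of identical errors per time window, drop the rest, and report the dropped count once the next window opens. The struct, the function names, the limits and the log text are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical limiter for one class of error message. */
struct log_limiter {
    time_t window_start;   /* start of the current window (seconds) */
    unsigned window_len;   /* window length in seconds */
    unsigned burst;        /* messages allowed per window */
    unsigned emitted;      /* messages logged in this window */
    unsigned suppressed;   /* messages dropped in this window */
};

/* Returns 1 if the caller should log, 0 if the message is dropped.
 * When a new window opens, *dropped receives the count suppressed in
 * the previous window so that one summary line can be written. */
int limiter_allow(struct log_limiter *l, time_t now, unsigned *dropped)
{
    *dropped = 0;
    if (now - l->window_start >= (time_t)l->window_len) {
        *dropped = l->suppressed;
        l->window_start = now;
        l->emitted = 0;
        l->suppressed = 0;
    }
    if (l->emitted < l->burst) {
        l->emitted++;
        return 1;
    }
    l->suppressed++;
    return 0;
}

/* Feed n identical errors at time now; return the number of lines written. */
unsigned simulate_flood(struct log_limiter *l, time_t now, unsigned n)
{
    unsigned i, dropped, lines = 0;
    for (i = 0; i < n; i++) {
        if (!limiter_allow(l, now, &dropped))
            continue;
        if (dropped) {
            printf("(%u similar messages suppressed)\n", dropped);
            lines++;
        }
        printf("error: send failed: operation not permitted\n"); /* constructed text */
        lines++;
    }
    return lines;
}

int main(void)
{
    struct log_limiter l = { 0, 1, 5, 0, 0 };  /* 5 messages per 1-second window */
    /* Constructed scenario: 20,000 errors in one second, then 3 in the next. */
    printf("lines written: %u\n", simulate_flood(&l, 100, 20000));
    printf("lines written: %u\n", simulate_flood(&l, 101, 3));
    return 0;
}
```

With these limits, the 20,000 errors in one second produce five log lines, and the summary line in the next window records how many were dropped, so the size of the event stays visible.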