Maintained by: NLnet Labs

unbound generating too many log messages

W.C.A. Wijngaards
Tue Jan 19 16:41:08 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Taylor,

On 19/01/16 16:20, Taylor R Campbell via Unbound-users wrote:
> Date: Tue, 19 Jan 2016 13:05:09 +0100 From: Dag-Erling Smørgrav via
> Unbound-users <unbound-users at unbound.net>
> 
> Philippe Meunier via Unbound-users <unbound-users at unbound.net>
> writes:
>> After booting, unbound and ntpd both start without problem.  Then
>> ntpd automatically starts trying to contact NTP servers from
>> pool.ntp.org, which triggers DNS queries.  In turn unbound tries
>> to contact root DNS servers and fails since no network interface
>> is configured yet.
> 
> That shouldn't happen.  OpenBSD's /etc/rc doesn't start unbound and
> ntpd until after /etc/netstart, which configures your network
> interfaces. The order is roughly pf (stub ruleset) - netstart - pf
> (real ruleset) - early daemons (including unbound and ntpd) - ipsec
> - rpc, nis and nfs - everything else.
> 
> That's irrelevant to the issue Philippe raised.  The network is
> not always available, no matter how well you configure your system
> or engineer your software.  The problem here is that when the
> network is down, Unbound spews junk to its log as fast as it can.
> 
> For years I've seen exactly the same issue as Philippe reported,
> and I asked about it on unbound-users a long time ago with no
> response:
> 
> https://www.unbound.net/pipermail/unbound-users/2011-March/001720.html
>
>  I have more or less worked around it by using daemontools
> multilog instead of syslog in order to reliably limit the size and
> throughput of the log files and to prevent them from interfering
> with other logs. But that's a workaround, not a fix.

There was already a similar for for permission denied spammed when the
network was down.  But your system returns a different errno in that
situation.  I have squelched the errno EADDRNOTAVAIL (Cannot assign
requested address): it is hidden when verbosity is low, visible if you
increase the verbosity.  That hopefully keeps Philippe's logs clean.

Best regards, Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWnlkPAAoJEJ9vHC1+BF+NquQQAIKuvjjO9IUxkNYYPrX3TEFh
l+oCazjvu2awiKxx574vkZqkt8FR9JwyBQdl137Fu+LOrooNWRyo2CqH1hS3rBtu
PJWGy+okgLyhFuprJYBcRz39AjjBfuAJFj9JhAPz2UoVH7iz+CnKJ64ZRbPd8Asv
8IBKwunUNvYzrfZkwJNlsvWpktUy/3zzTsA0CV7Mqqwnz8dEgARTX02Ii4LFON6W
VD7glCCBbCZh1c4yp83pNBGW0Gu2004mG1/9QxpGbWMtfFlgY3ShSiCYKXZtEU64
EN1pH/oXgBC3SfAIiPU0hEk4SCkL6ZUgOKGhFGWqsLhfrOLBrW6rBOCu+/ahjWJ0
aHzE3Hk9zCPnDxaBBQ7857U+sjlAVmZaPfIbBHL6jGDTYRhNsj16J2bk2fPiB1mu
QNNHRgsgq/v2pLYHK3WEgYW1cvbX8Mm9Ixshk2fX+Cszo1JWKNF5TUm4qe1D2Y+U
J4/wrTrWzOizL+QgMXV5QFLXRToMZgwJy/IMQocxDHFLZnXn/mh/CR9ny7G8/GbE
hZNuiWKhqBslCIvw21kwaUp2P/hsldV+f2FmOcy2NW+mL/igw1CWw7eu2q8hSoYL
ugtUth5+/HOWvNCewTdscB5owPgvrOk4Qk/O/VV1kfYzO5UOE0xFHj+YyM9R4USj
VztHSHIGtwY7LhEzoVCp
=TslG
-----END PGP SIGNATURE-----