Maintained by: NLnet Labs

unbound generating too many log messages

Mike
Tue Jan 19 16:37:48 CET 2016


On 1/19/2016 10:20 AM, Taylor R Campbell via Unbound-users wrote:
>    Date: Tue, 19 Jan 2016 13:05:09 +0100
>    From: Dag-Erling Smørgrav via Unbound-users <unbound-users at unbound.net>
> 
>    Philippe Meunier via Unbound-users <unbound-users at unbound.net> writes:
>    > After booting, unbound and ntpd both start without problem.  Then ntpd
>    > automatically starts trying to contact NTP servers from pool.ntp.org,
>    > which triggers DNS queries.  In turn unbound tries to contact root DNS
>    > servers and fails since no network interface is configured yet.
> 
>    That shouldn't happen.  OpenBSD's /etc/rc doesn't start unbound and ntpd
>    until after /etc/netstart, which configures your network interfaces.
>    The order is roughly pf (stub ruleset) - netstart - pf (real ruleset) -
>    early daemons (including unbound and ntpd) - ipsec - rpc, nis and nfs -
>    everything else.
> 
> That's irrelevant to the issue Philippe raised.  The network is not
> always available, no matter how well you configure your system or
> engineer your software.  The problem here is that when the network is
> down, Unbound spews junk to its log as fast as it can.
> 
>[snip]

At one point, on this mailing list I documented 20,000 syslog messages
per second from unbound when the network interface was unavailable for a
couple of seconds.
http://marc.info/?l=unbound-users&m=137166462329717&w=2

While unbound logging has improved a bit since then, I still see far too
many essentially duplicate syslog messages for a single network
unavailable event.

If I need high volume logging for troubleshooting, I'll increase the
logging verbosity.  Logging should be something that is helpful, not
something I cringe about.