Hi Phil,

On 04/12/2020 11:58, Phil Pennock via Unbound-users wrote:
> On 2020-12-03 at 10:11 +0100, Wouter Wijngaards via Unbound-users wrote:
>> This version has fixes to connect for UDP sockets, slowing down
>> potential ICMP side channel leakage. The fix can be controlled with the
>> option udp-connect: yes, it is enabled by default.
>
> This is great stuff. One piece of fallout, mentioned in case it helps
> others: at home, I use IPv6 locally but don't have IPv6 global
> connectivity, so was relying upon Unbound handling absent reachable
> addresses just fine.

There is a fix in the code repository for this.
https://github.com/NLnetLabs/unbound/commit/5906811ff19f005110b2edbda5aa144ad5fa05b1

It ignores this log chatter at low verbosity.

Best regards, Wouter

>
> Without configuration changes, this new behavior results in a lot of
> logging of the form:
>
>   udp connect failed: Network is unreachable for [...]
>
> To fix it, while leaving IPv6 available to clients on local net, I made
> a change I probably should have done ages ago:
>
>   do-not-query-address: ::/0
>   prefer-ip4: yes
>
> That is, leave "do-ip6: yes" in place, but then tell the resolver to not
> query any IPv6 address, and to not try that first anyway.
>
> With this change, the new log spam has gone away.
>
> -Phil
>
