-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Michael,
On 03/25/2011 10:38 PM, Michael Watters wrote: >> Leave tcpdump running on a resolver and wait for the misconfigured >> offender to appear. Use one of the following: >> ---- >> tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap >> tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump >> -r - -n >> ---- >> >> Good hunting :) >> >> Cheers >> >> -- >> Alexander Clouter >> .sigmonster says: Future looks spotty. You will spill soup in late evening. > > This may be problematic on DNS nodes that are handling thousands of > queries per second. Is there a way to make unbound log what lookups > are causing these messages? Attached a small patch that logs the UDP packet that it tried to send to that (multicast) address. It logs for all UDP failures. with echo <that hex> | drill -i - you can see what query was being asked. This patch has not been tested (but its tiny). Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk2NocMACgkQkDLqNwOhpPgHaQCdFATMP446E3HLyVxFE36cFC/f KocAn2mxP+HNUoLEoT3/6jZmX64Otfw5 =EUYg -----END PGP SIGNATURE-----
Index: services/outside_network.c
===================================================================
--- services/outside_network.c (revision 2406)
+++ services/outside_network.c (working copy)
@@ -955,6 +955,7 @@
if(!comm_point_send_udp_msg(pend->pc->cp, packet,
(struct sockaddr*)&pend->addr, pend->addrlen)) {
portcomm_loweruse(outnet, pend->pc);
+ log_buf(0, "udp_packet_failed", packet);
return 0;
}
patch_log_failed_udp.diff.sig
Description: PGP signature
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
