Re: notice: send failed: Permission denied
Important note, the firewall block rule is reject, not block ...

Thanks,
John

From: Unbound-users on behalf of Caroptions Caroptions via Unbound-users
Sent: Monday, April 5, 2021 2:20 PM
To: unbound-users@lists.nlnetlabs.nl
Subject: notice: send failed: Permission denied

Hi,

Probably this has been discussed already, in which case sorry for reiterating the same problem, but I couldn't find a solution.

unbound 1.13.1

I block certain ASNs/IPs on the firewall. unbound starts normally, then after some time floods the log with messages:

unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53

the SAME IP for hours.

My firewall process CPU load jumps and stays at a high level. The unbound process CPU load is high as well.

My temporary workaround is adding:

do-not-query-address: xx.xx.xx.xx

When I add a new IP to this list, it stays normal for some time until unbound finds a new NS server IP which is blocked on the firewall, and then all loads jump and the log floods with "notice" messages.

In my understanding unbound should stop attempting to contact a specific NS if it is not reachable/down?

Thanks,
John
notice: send failed: Permission denied
Hi,

Probably this has been discussed already, in which case sorry for reiterating the same problem, but I couldn't find a solution.

unbound 1.13.1

I block certain ASNs/IPs on the firewall. unbound starts normally, then after some time floods the log with messages:

unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is xx.xx.xx.xx port 53

the SAME IP for hours.

My firewall process CPU load jumps and stays at a high level. The unbound process CPU load is high as well.

My temporary workaround is adding:

do-not-query-address: xx.xx.xx.xx

When I add a new IP to this list, it stays normal for some time until unbound finds a new NS server IP which is blocked on the firewall, and then all loads jump and the log floods with "notice" messages.

In my understanding unbound should stop attempting to contact a specific NS if it is not reachable/down?

Thanks,
John
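A way to find which upstream addresses are producing the flood described in the message above, shown as an added example that is not part of the thread or of Unbound itself. It assumes the log format quoted in the message and that each "send failed" line belongs with the adjacent "remote address is" line from the same thread; the function names, the threshold and the sample log (documentation addresses) are constructed for illustration.

```python
import re
from collections import Counter

# Matches the two notice lines quoted in the thread, keyed by [pid:thread].
LINE = re.compile(
    r"unbound\[\d+\]: \[(?P<thread>\d+:\d+)\] notice: "
    r"(?:remote address is (?P<ip>\S+) port \d+|send failed: (?P<reason>.+))$"
)

def blocked_upstreams(lines, reason="Permission denied"):
    """Count send failures with the given reason per remote address."""
    counts = Counter()
    pending = {}  # thread id -> (kind, value) still waiting for its partner
    for line in lines:
        m = LINE.search(line.strip())
        if not m:
            continue
        cur = ("addr", m["ip"]) if m["ip"] else ("fail", m["reason"])
        prev = pending.pop(m["thread"], None)
        if prev is None or prev[0] == cur[0]:
            pending[m["thread"]] = cur  # no partner yet, keep waiting
            continue
        pair = dict([prev, cur])        # one "addr" plus one "fail" line
        if pair["fail"] == reason:
            counts[pair["addr"]] += 1
    return counts

def suggest_config(counts, threshold=3):
    """Emit unbound.conf lines (server: clause) for repeat offenders."""
    return [f"do-not-query-address: {ip}"
            for ip, n in sorted(counts.items()) if n >= threshold]

# Constructed sample: two worker threads interleaved in one log.
SAMPLE = """\
unbound[90575]: [90575:2] notice: remote address is 192.0.2.10 port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:1] notice: send failed: Network is unreachable
unbound[90575]: [90575:2] notice: remote address is 192.0.2.10 port 53
unbound[90575]: [90575:1] notice: remote address is 203.0.113.5 port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:2] notice: remote address is 192.0.2.10 port 53
unbound[90575]: [90575:2] notice: send failed: Permission denied
unbound[90575]: [90575:1] notice: remote address is 198.51.100.7 port 53
unbound[90575]: [90575:1] notice: send failed: Permission denied
""".splitlines()

if __name__ == "__main__":
    print("\n".join(suggest_config(blocked_upstreams(SAMPLE))))
```

Comparing the reported addresses against the firewall's reject list shows whether the flood comes from the blocked ranges before anything is added to unbound.conf.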
default reply when not resolved
Hi,

I have a server and want to reply with a default IN A to some queries, if the recursive was not found in Forward, local-zone, etc.

Example: The user tries to resolve A for www.example.com. If I was able to resolve, send back the reply 192.168.1.1. If not, reply with other info, like 172.16.1.1.

So, when users put something wrong, like w.example.com, www.gooogle.com, or netflixx.com, etc. I want this working for all domains, not only those in example. This way I can send a private server IP, and in HTTP requests show some info about the wrong domain.

Is there a way to configure something like that?
unbound becomes stale after transport interface flap
hi

I experience pretty much the same behavior of unbound: often it becomes stale after a transport interface flap.

In my VPN I have a DNS server which serves local zones. For clients I configure unbound to forward requests for those zones to that DNS server, and when the VPN interface flaps or re-keying occurs, unbound misbehaves and nothing valuable appears in the log files.

so, please advise, where to look at?

---[ unbound.conf quotation start ]---
domain-insecure: "abc."
...
private-domain: "abc."
...
local-zone: "abc." transparent
...
include: /var/unbound/conf.d/*.conf
---[ unbound.conf quotation end ]---

---[ conf.d/stub-zones.core.conf quotation start ]
stub-zone:
    name: "abc."
    stub-addr: 1.2.3.4
    stub-prime: yes
stub-zone:
    ...
---[ conf.d/stub-zones.core.conf quotation end ]

--
Zeus V. Panchenko jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)