Maintained by: NLnet Labs

[Unbound-users] multicast address alerts in logs

Alexander Clouter
Mon Mar 7 19:38:44 CET 2011

Michael Watters <wattersmt at> wrote:
> I still haven't been able to figure out what is causing these notices
> in the system log.  Does unbound have a log level setting that could
> filter the messages out?  Our DNS resolvers are working fine and I'd
> rather not be spammed by pointless notices.
A google search pops up something interesting:

Leave tcpdump running on a resolver and wait for the misconfigured 
offender to appear.  Use one of the following:
tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap
tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n

Good hunting :)


Alexander Clouter
.sigmonster says: Future looks spotty.  You will spill soup in late evening.