Maintained by: NLnet Labs

[Unbound-users] multicast address alerts in logs

Alexander Clouter
Mon Mar 7 19:38:44 CET 2011


Michael Watters <wattersmt at gmail.com> wrote:
>
> I still haven't been able to figure out what is causing these notices
> in the system log.  Does unbound have a log level setting that could
> filter the messages out?  Our DNS resolvers are working fine and I'd
> rather not be spammed by pointless notices.
>
A google search pops up something interesting:

http://forums.fedoraforum.org/showpost.php?p=51979&postcount=5

Leave tcpdump running on a resolver and wait for the misconfigured 
offender to appear.  Use one of the following:
----
tcpdump -i bond0 -n -p port 53 -s 0 -w /tmp/dump.pcap
tcpdump -i bond0 -n -p port 53 -s 0 -w - -U | tee /tmp/dump.pcap | tcpdump -r - -n
----

Good hunting :)

Cheers

-- 
Alexander Clouter
.sigmonster says: Future looks spotty.  You will spill soup in late evening.