Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error: udp connect failed #431

Closed
graphine27 opened this issue Feb 20, 2021 · 4 comments
Closed

error: udp connect failed #431

graphine27 opened this issue Feb 20, 2021 · 4 comments

Comments

@graphine27
Copy link

Hello,

I'm using 1.13.1 with OpenWrt.
The log is flooded with error: udp connect failed: Permission denied for <ipv6 addr>
This happens before the device gets an internet connection, after a connection is made, the log is not flooded.

I have set verbosity: 0 but still see these logs.

@graphine27
Copy link
Author

After enabling tls_upstream for the zone the udp errors are gone but these appeared: error: outgoing tcp: connect: Permission denied for 2606:4700:4700::1111 port 853
These errors occur less often than udp ones did.

@wcawijngaards
Copy link
Member

Thanks for the bug report. The first, udp connect, error is fixed in the commit. It now appears only at high verbosity. The second one is strange because it should only appear at verbosity 2 and higher. Changed the code to make that 4 and higher.

jedisct1 added a commit to jedisct1/unbound that referenced this issue Feb 26, 2021
* nlnet/master: (103 commits)
  - Fix: Resolve interface names on control-interface too.
  - Fix for NLnetLabs#367: rc_ports don't have ub_sock; skip cleaning up.
  - Fix to allow rpz with wildcard that applies to all TLDs at once.
  Changelog note for NLnetLabs#365, NLnetLabs#367 and NLnetLabs#368. - Merge PR NLnetLabs#367 : DNSTAP log local address.  With code from PR NLnetLabs#365   and fixes NLnetLabs#368 : dnstap does not log the DNS message ID for   FORWARDER_QUERY.
  Fix comment item.
  Fix to use a simple pointer in the call of make_sock and make_sock_port.
  - spelling fix in header.
  - Fix unit test for added ulimit checks.
  - Fix function documentation.
  - On startup of unbound it checks if rlimits on memory size look   sufficient for the configured cache size, and logs warning if not.
  - ipsecmod: Better logging for detecting a cycle when attaching the   A/AAAA subquery.
  - Fix NLnetLabs#384: (1) A minor request to improve the log (2) A minor bug in   one log message.
  - Fix for zonemd, do not reject insecure result from trust anchor   validation step in dnssec chain of trust.
  - Fix for zonemd, that domain-insecure zones work without dnssec.
  Spelling fix.
  - Fix for zonemd, that nxdomain for the chain of trust is allowed   for island zones, it is treates as an insecure zone for verification.
  - Fix NLnetLabs#431: Squelch permission denied errors for tcp connect
  - rpz skip nsec3param records, and nicer log for unsupported actions.
  - Fix NLnetLabs#429: rpz: url: with https: broken (regression in 1.13.1).
  - Fix doxygen and pydoc warnings.
  ...
@ndilieto
Copy link

ndilieto commented Aug 9, 2021

40fbc3f doesn't fix the problem for me. You also need to check for EACCES. See 40fbc3f#r54645670

wcawijngaards added a commit that referenced this issue Aug 13, 2021
  and udp send, they are visible at higher verbosity settings.
@wcawijngaards
Copy link
Member

Thanks for the report, fixed to ignore those printouts at low verbosity too, in ad45e9b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants