On Fri, Apr 14, 2023 at 10:20:39AM -0600, Theo de Raadt wrote: > Doctor! Doctor! It hurts when I stick a knife in here! > > When you do weird, harsh, or unrealistic packet filtering, application > software will occasionally log that you are losing packets which should > not be filtered, to alert that normal network operation isn't occuring. > That is to be expected. It is even desirable. > > So I think you are only thinking of your own usage case, and trying > too hard to show that it is synthetic. > > But let's get back to the real story: libunbound is upstream software. > We carry diffs against upstream software, but only when the case is > extremely compelling. > > So how about taking your case up with those doctors, instead.
Perhaps I didn't explain myself well enough. I understand. You don't want to deal with it, and you're protecting Florian from unrealistic waste of time. In my network port 53 had a free course before I got these weird messages which I thought my software was causing. When I examined unwind a little it was ignoring my "forwarder" that I set for it and went to the destination nameservers (arpa. NS's perhaps, or pool.ntp.org.'s) on it's own accord. I only added stricter firewall rules so that I could isolate the issue and then it became clearer what the log was trying to say. If you don't want misleading logs then why log at all? I know next to nothing about libunbound and I'm trying to understand what unwind was telling me in my logs. So I won't bother with going upstream because they can tell me something but I will only understand the half. -peter
