[tor-relays] exit operators: overall DNS failure rate above 5% - please check your DNS resolver

Roger Dingledine arma at torproject.org
Mon Jul 1 08:57:44 UTC 2019


On Sat, Jun 29, 2019 at 08:59:34AM +0200, Tim Niemeyer wrote:
> There are 4 exits on one machine with one dns server. Only 3 of them
> are shown in the list:
> https://metrics.torproject.org/rs.html#search/as:AS205100

Looks like all four are listed, when I checked just now.

> Maybe it is a load problem, because this machine has 100% cpu load? :(

I see that your exit policy is "reject port 25, accept the rest". So
I would guess that you are one of the few exit relays that is getting
all of the requests for destination ports that are otherwise rejected
in the default exit policy. It will make you very busy.

> A dedicated machine for dns may be good, but currently we have only
> this one machine. Another way could be to reduce exit capacity, but I
> don't know if it's a good idea to throttle it?

I would suggest moving to the default exit policy rather than throttling,
if you're going to choose one. You might even find that you can handle
even more traffic in that case.

> Btw, in the meantime we got more upstream transit and now we are
> looking to get better / second hardware. But money is a limiting
> factor. :(

I'd suggest coordinating with the various torservers.net non-profits,
to see if any of them are looking to expand and you could affiliate
more with them, but it looks like your IP space is already connected
to torservers.net, so it sounds like you are on your way there. Still,
it might be a way to grow even more.

Thanks!
--Roger
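
[Added example, not part of the original message or of Tor's code.] The sketch below lists the destination ports that a "reject port 25, accept the rest" policy carries but the default exit policy refuses, which is the extra traffic described above. RELAY_POLICY is a constructed rendering of the policy quoted in the message, DEFAULT_POLICY is the default list as documented in the tor manual (check it against your version), and address patterns are ignored.

```python
# Added illustration: compare an exit policy against the default exit policy.
# Assumption: DEFAULT_POLICY matches the default list in the tor manual.
DEFAULT_POLICY = ("reject *:25,reject *:119,reject *:135-139,reject *:445,"
                  "reject *:563,reject *:1214,reject *:4661-4666,"
                  "reject *:6346-6429,reject *:6699,reject *:6881-6999,"
                  "accept *:*")
# Constructed from the message: "reject port 25, accept the rest".
RELAY_POLICY = "reject *:25,accept *:*"

def parse(policy):
    """Turn 'accept|reject addr:ports' items into (accept, low, high) rules."""
    rules = []
    for item in policy.split(","):
        action, target = item.split()
        _addr, _, ports = target.rpartition(":")  # address part is ignored here
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(x) for x in ports.split("-"))
        else:
            low = high = int(ports)
        rules.append((action == "accept", low, high))
    return rules

def allows(rules, port):
    """First matching rule wins, as in Tor's policy evaluation."""
    for accept, low, high in rules:
        if low <= port <= high:
            return accept
    return False  # simplification for this sketch: no match means reject

def extra_ports(relay, default):
    """Ports the relay policy accepts that the default policy rejects."""
    r, d = parse(relay), parse(default)
    return [p for p in range(1, 65536) if allows(r, p) and not allows(d, p)]

def as_ranges(ports):
    """Collapse a sorted port list into (low, high) ranges for display."""
    out = []
    for p in ports:
        if out and out[-1][1] == p - 1:
            out[-1][1] = p
        else:
            out.append([p, p])
    return [tuple(r) for r in out]

if __name__ == "__main__":
    for low, high in as_ranges(extra_ports(RELAY_POLICY, DEFAULT_POLICY)):
        print(low if low == high else f"{low}-{high}")
```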


