Hi! Tor at 1AEO via network-health:
Hi Network Health Team,
A few large-scale exit relay operators have asked for better visibility into DNS health across their relays. We've built an exitmap module, dnshealth, to address this and want your input before we start running scans and publishing results.
Very nice work, thanks!
What It Does
- Generates unique DNS queries per relay (wildcard subdomain → expected IP) to avoid caches
- Classifies failures: timeout, NXDOMAIN, wrong IP, SOCKS errors
- Outputs structured JSON with latency and error details
All code is open source: https://github.com/1aeo/exitmap
Initial testing: ~98% success rate across ~3k exits, 50-90 true failures per scan, 4-8 min runtime.
You mean true DNS resolution failures per scan or general ones (including DNS)?
Before We Proceed
1. Any concerns with us running regular scans and publishing results?
It depends on the regularity. What did you have in mind in that regard? We are currently running the dnsresolution module on a weekly basis and informing relay operators in case of trouble and that has been sufficient frequency-wise I think. I don't think there are any publishing concerns, no. Where are the results supposed to show up?
2. Recommendations on scan frequency or methodology?
Yes. I think weekly should be fine at least for a start. As for the methodology, it would be very much appreciated if you could upstream your changes to exitmap itself where it makes sense so we don't start creating duplicated infrastructure. Ideally, there would be only one dnsresolution module and not a myriad of different ones.
Happy to adjust our approach based on your guidance.
I tried to provide some, let me know if you had something else in mind or I forgot to address anything.
Thanks,
Georg
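The scan logic listed under "What It Does" (a unique name per relay under a wildcard zone, a fixed expected address, failure classification, JSON output), as an added sketch that is not part of the thread and not the dnshealth module's own code. The zone name, expected address, record fields and sample results are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import json

# Assumed for this sketch (not from the thread): zone, expected address,
# and the shape of each raw probe record.
ZONE = "dnshealth.example.org"
EXPECTED_IP = ipaddress.ip_address("192.0.2.10")  # RFC 5737 documentation range

def probe_name(fingerprint, scan_nonce):
    """Hostname unique to one relay in one scan, so no resolver has it cached."""
    digest = hashlib.sha256(f"{fingerprint}:{scan_nonce}".encode()).hexdigest()
    return f"{digest[:32]}.{ZONE}"

def classify(record):
    """Map a raw probe record onto the failure classes named in the thread."""
    if record.get("socks_error") is not None:
        return "socks_error"
    if record.get("timed_out"):
        return "timeout"
    if record.get("rcode") == "NXDOMAIN":
        return "nxdomain"
    try:
        answers = {ipaddress.ip_address(a) for a in record.get("answers", [])}
    except ValueError:
        return "wrong_ip"  # unparsable answer: treated as a wrong answer here
    # An empty or mixed answer set is also reported as wrong_ip in this sketch.
    return "success" if answers == {EXPECTED_IP} else "wrong_ip"

def report(records):
    """Return the scan result as a JSON string with per-relay status and latency."""
    rows = [{"fingerprint": r["fingerprint"], "query": r["query"],
             "status": classify(r), "latency_ms": r.get("latency_ms"),
             "error": r.get("socks_error")} for r in records]
    failed = sum(row["status"] != "success" for row in rows)
    return json.dumps({"total": len(rows), "failed": failed, "results": rows}, indent=2)

# Constructed sample data: fingerprints and results are made up.
SAMPLE = [
    {"fingerprint": "A" * 40, "answers": ["192.0.2.10"], "rcode": "NOERROR", "latency_ms": 212},
    {"fingerprint": "B" * 40, "timed_out": True, "latency_ms": 10000},
    {"fingerprint": "C" * 40, "rcode": "NXDOMAIN", "answers": [], "latency_ms": 95},
    {"fingerprint": "D" * 40, "answers": ["198.51.100.7"], "rcode": "NOERROR", "latency_ms": 180},
    {"fingerprint": "E" * 40, "socks_error": "general failure", "latency_ms": 40},
]
for rec in SAMPLE:
    rec["query"] = probe_name(rec["fingerprint"], "scan-0001")
```

Because the nonce changes per scan, a relay that answered correctly last week cannot pass this week from a cached record.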