On Wed, 17 Aug 2016 12:23:15 +1000 teor teor2345-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:
Has anyone checked if the logs on other resolvers (like unbound) have the same issue?
On my exit running unbound, I haven't seen any messages from unbound beyond the startup/shutdown messages for the past several weeks, but maybe I just haven't gotten the right errors. I didn't see anything in the code that looked like logging requested names, but I only took a quick glance. The default verbosity seems kinda low, but of course that's no guarantee.
What kind of resolution errors are you talking about? Plain NXDOMAIN failures, failing to reach nameservers, DNSSEC failed signatures, or anything else? Do you know of any domains handy that could be used to test the relevant failure cases? (e.g. a dns entry that points to an unreachable server, or results in an invalid DNSSEC response, etc.) That would make it easy for exit operators to test what happens and take out some guesswork.