On 1 Jul 2019, at 21:41, Tyler Durden virii@enn.lu wrote:
I can't really understand why our relays should fail so often because the logs of our DNS daemon don't show anything and I haven't seen the warning about nameservers that failed for a long time...
Maybe the script that checks about DNS failures on Exits is not reporting correctly?
There are some other options worth considering: * the script is overloading its client, which fails some requests * the exit is overloaded with circuits or streams (and not DNS), so it fails some requests without a DNS query * DNS fails in a way that the exit doesn't detect and log
Tor's DNS support is quite old, and it has had some significant bugs in the past. So I'd start looking there.
It's also worth checking the health of your DNS resolver. Tor exits put an unusual amount of load on DNS: there are lots of requests, for lots of different domains.
T