Jun 19 20:24:38.000 [warn] eventdns: All nameservers have failed
Jun 19 20:24:38.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
I do get this in my logs on an exit (Tor 0.2.7.6) several times every hour.
The /etc/resolv.conf contains
# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4
Is it really best to set only one DNS like specified here https://trac.torproject.org/projects/tor/ticket/11600 ?
Or are there better working solutions?
On 06/19/2016 09:59 PM, pa011 wrote:
> Or are there better working solutions?
I do have only 127.0.0.1 set in my resolv.conf and do use dnsmasq together with strict DNSSEC. Works like a charm and DNSSEC is really a good thing IMO.
The configuration is straightforward:
# grep -v -e '#' -e'^$' /etc/dnsmasq.conf
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
dnssec-check-unsigned
no-resolv
server=<snip>
server=<snip>
server=<snip>
server=<snip>
server=<snip>
server=<snip>
cache-size=10000
Furthermore, it reduces the load on upstream DNS servers by 1/3:
# pkill -SIGUSR1 dnsmasq; sleep 1; tail /var/log/messages | grep dnsmasq
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: time 1466367289
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: cache size 10000, 91142/4075150 cache insertions re-used unexpired cache entries.
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: queries forwarded 1665387, queries answered locally 695441
Jun 19 22:14:49 ms-magpie dnsmasq[1442]: DNSSEC memory in use 174384, max 311808, allocated 999984
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
It's been mentioned here once before, but you shouldn't be using Google's DNS servers as they see almost all of the Tor network traffic.
My solution was to run a local DNS resolver (unbound in my case) and to use at least 2 DNS servers from the Open NIC project: https://www.opennicproject.org/configure-your-dns/
After adding servers from OpenNIC, the errors disappeared completely for me.
Hello,
This warning has been known for some time. It's safe to ignore this warning no matter how many times you see it in your log file; IIRC it's a libevent issue when DNS resolvers are idle. All my exit relays have multiple such lines in the log files constantly.
It's highly important to run your own resolver on localhost 127.0.0.1 such as unbound or bind. Installation is pretty straightforward since you need only a resolver. You will still get this warning even with your own resolver hosted on localhost, regardless of whether you use unbound or bind; it's unrelated to this warning message, but using a local resolver will help the privacy of the users using your exit. It's the recommended way to run exit relays.
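The advice in the replies above (point resolv.conf at a resolver on localhost instead of a third-party service) can be checked mechanically. The following Python check is an added example, not part of the original thread; the function name `audit_resolv_conf` and the sample inputs are constructed for illustration, with the first sample copied from the resolv.conf quoted in the question.

```python
import ipaddress

# Constructed samples: the resolv.conf quoted in the thread, and the
# loopback-only variant the replies recommend.
THREAD_RESOLV_CONF = """# Generated by SolusVM
nameserver 8.8.8.8
nameserver 8.8.4.4
"""
LOCAL_RESOLV_CONF = "nameserver 127.0.0.1\n"


def audit_resolv_conf(text):
    """Return (local, remote, problems) for the nameserver lines in text."""
    local, remote, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # '#' and ';' start comments; anything after them is ignored here.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if not fields or fields[0] != "nameserver":
            continue
        if len(fields) != 2:
            problems.append(f"line {lineno}: malformed nameserver entry")
            continue
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            problems.append(f"line {lineno}: not an IP address: {fields[1]}")
            continue
        (local if addr.is_loopback else remote).append(str(addr))
    if remote:
        # Every exit-side lookup is visible to these third-party resolvers.
        problems.append("queries leave the host to: " + ", ".join(remote))
    if not local and not remote:
        problems.append("no nameserver configured")
    return local, remote, problems


if __name__ == "__main__":
    samples = (("thread", THREAD_RESOLV_CONF), ("local", LOCAL_RESOLV_CONF))
    for name, conf in samples:
        local, remote, problems = audit_resolv_conf(conf)
        print(name, "OK" if not problems else problems)
```

A loopback entry only shows that queries go to a local daemon; where that daemon forwards them (for example the `server=` lines in the dnsmasq configuration above) has to be reviewed separately.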