My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
At any rate, my exit node is still getting enough traffic to hit the bandwidth limit, so I'm assuming it's still functioning at some capacity. Here's the Atlas link if anyone wants to check out the details: https://atlas.torproject.org/#details/D632232DDC823D00ACB4F99668B58B2D5BCFF9...
I really hope this isn't gonna post a duplicate, but it didn't go through the first time I sent it.
-------- Forwarded Message -------- Subject: Nameservers fail and come back at the same time? Date: Sun, 31 Jan 2016 13:33:24 -0600 From: SuperSluether supersluether@gmail.com To: tor-relays@lists.torproject.org
My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
At any rate, my exit node is still getting enough traffic to hit the bandwidth limit, so I'm assuming it's still functioning at some capacity. Here's the Atlas link if anyone wants to check out the details: https://atlas.torproject.org/#details/D632232DDC823D00ACB4F99668B58B2D5BCFF9...
On 1 Feb 2016, at 06:33, SuperSluether supersluether@gmail.com wrote:
My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs at the exact same time. What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
The times in tor logs are anonymised by rounding to the nearest second. So these entries are close together, but not necessarily at the same time.
How many DNS servers do you have configured? (It looks like it's only one. That's quite a fragile configuration.) If it fails a request by chance, but the next request succeeds, this is the pattern of messages you'll see.
Try adding a local caching resolver as the first listed name server.
You might want to add your VPS DNS servers, and Google's other server to the end of the list, too. (A benefit of using local DNS servers is that fewer networks see your DNS requests. A drawback is that your VPS company then sees your DNS requests and your traffic, but they could do this anyway.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
On 01/31/2016 03:08 PM, Tim Wilson-Brown - teor wrote:
On 1 Feb 2016, at 06:33, SuperSluether <supersluether@gmail.com mailto:supersluether@gmail.com> wrote:
My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
The times in tor logs are anonymised by rounding to the nearest second. So these entries are close together, but not necessarily at the same time.
How many DNS servers do you have configured? (It looks like it's only one. That's quite a fragile configuration.) If it fails a request by chance, but the next request succeeds, this is the pattern of messages you'll see.
Try adding a local caching resolver as the first listed name server.
You might want to add your VPS DNS servers, and Google's other server to the end of the list, too. (A benefit of using local DNS servers is that fewer networks see your DNS requests. A drawback is that your VPS company then sees your DNS requests and your traffic, but they could do this anyway.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Feb 2016, at 08:19, SuperSluether supersluether@gmail.com wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf? On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" teor2345@gmail.com wrote:
On 1 Feb 2016, at 08:19, SuperSluether supersluether@gmail.com wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Feb 2016, at 10:38, Tristan supersluether@gmail.com wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration.
Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well?
Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com mailto:teor2345@gmail.com> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com mailto:supersluether@gmail.com> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
After sending tor a HUP, I now have errors from OpenDNS and Google DNS servers. I opened a support ticket with the provider to find out how to use their provided nameservers. Looks like I just need to keep fiddling. At any rate, I'm still getting plenty of traffic, and the servers come back almost instantly, so it shouldn't be making too much of an impact.
Thanks for the help! On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor" teor2345@gmail.com wrote:
On 1 Feb 2016, at 10:38, Tristan supersluether@gmail.com wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration.
Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well?
Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" teor2345@gmail.com wrote:
On 1 Feb 2016, at 08:19, SuperSluether supersluether@gmail.com wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hello,
This isn't new, and it happens with any DNS resolver (ISP resolver, Google or OpenDNS, custom DNS resolver on localhost running unbound or bind, etc.).
I have experienced it on all the exits I ever run, it's the most common warning. There's a ticket for it opened by me:
https://trac.torproject.org/projects/tor/ticket/11600
When I opened the ticket, we thought it may be a libevent issue; that makes the nameserver look down while it is not, but see comment 6 in the linked ticket - that might be a cause also.
In the mean time until we resolve this just keep the exit running with a localhost unbound or bind resolver and don't use Google or OpenDNS resolvers. It's best that an exit relay runs its own resolver.
On 2/1/2016 5:46 AM, Tristan wrote:
After sending tor a HUP, I now have errors from OpenDNS and Google DNS servers. I opened a support ticket with the provider to find out how to use their provided nameservers. Looks like I just need to keep fiddling. At any rate, I'm still getting plenty of traffic, and the servers come back almost instantly, so it shouldn't be making too much of an impact.
Thanks for the help!
On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com mailto:teor2345@gmail.com> wrote:
On 1 Feb 2016, at 10:38, Tristan <supersluether@gmail.com mailto:supersluether@gmail.com> wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration.
Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well?
Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com mailto:teor2345@gmail.com> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com mailto:supersluether@gmail.com> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays@lists.torproject.org
-
s7r -
SuperSluether -
Tim Wilson-Brown - teor -
Tristan