My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes: Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those? At any rate, my exit node is still getting enough traffic to hit the bandwidth limit, so I'm assuming it's still functioning at some capacity. Here's the Atlas link if anyone wants to check out the details: https://atlas.torproject.org/#details/D632232DDC823D00ACB4F99668B58B2D5BCFF9...
I really hope this isn't gonna post a duplicate, but it didn't go through the first time I sent it. -------- Forwarded Message -------- Subject: Nameservers fail and come back at the same time? Date: Sun, 31 Jan 2016 13:33:24 -0600 From: SuperSluether <supersluether@gmail.com> To: tor-relays@lists.torproject.org My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes: Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those? At any rate, my exit node is still getting enough traffic to hit the bandwidth limit, so I'm assuming it's still functioning at some capacity. Here's the Atlas link if anyone wants to check out the details: https://atlas.torproject.org/#details/D632232DDC823D00ACB4F99668B58B2D5BCFF9...
On 1 Feb 2016, at 06:33, SuperSluether <supersluether@gmail.com> wrote:
My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs at the exact same time. What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
The times in tor logs are anonymised by rounding to the nearest second. So these entries are close together, but not necessarily at the same time. How many DNS servers do you have configured? (It looks like it's only one. That's quite a fragile configuration.) If it fails a request by chance, but the next request succeeds, this is the pattern of messages you'll see. Try adding a local caching resolver as the first listed name server. You might want to add your VPS DNS servers, and Google's other server to the end of the list, too. (A benefit of using local DNS servers is that fewer networks see your DNS requests. A drawback is that your VPS company then sees your DNS requests and your traffic, but they could do this anyway.) Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers? On 01/31/2016 03:08 PM, Tim Wilson-Brown - teor wrote:
On 1 Feb 2016, at 06:33, SuperSluether <supersluether@gmail.com <mailto:supersluether@gmail.com>> wrote:
My exit node's consensus weight just jumped from 20 to 1750 overnight. When I checked to see how things were going, my log file is full of nameserver problems, happening every couple of minutes:
Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
But the "All nameservers have failed" and "Nameserver xxx is back up" messages happen in pairs /at the exact same time./ What's going on here, and is there a way to fix this? My VPS has 2 nameservers listed for it, should I be using those?
The times in tor logs are anonymised by rounding to the nearest second. So these entries are close together, but not necessarily at the same time.
How many DNS servers do you have configured? (It looks like it's only one. That's quite a fragile configuration.) If it fails a request by chance, but the next request succeeds, this is the pattern of messages you'll see.
Try adding a local caching resolver as the first listed name server.
You might want to add your VPS DNS servers, and Google's other server to the end of the list, too. (A benefit of using local DNS servers is that fewer networks see your DNS requests. A drawback is that your VPS company then sees your DNS requests and your traffic, but they could do this anyway.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/ It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf? On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 1 Feb 2016, at 10:38, Tristan <supersluether@gmail.com> wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration. Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well? Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com <mailto:teor2345@gmail.com>> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com <mailto:supersluether@gmail.com>> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
After sending tor a HUP, I now have errors from OpenDNS and Google DNS servers. I opened a support ticket with the provider to find out how to use their provided nameservers. Looks like I just need to keep fiddling. At any rate, I'm still getting plenty of traffic, and the servers come back almost instantly, so it shouldn't be making too much of an impact. Thanks for the help! On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com> wrote:
On 1 Feb 2016, at 10:38, Tristan <supersluether@gmail.com> wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration.
Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well?
Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, This isn't new, and it happens with any DNS resolver (ISP resolver, Google or OpenDNS, custom DNS resolver on localhost running unbound or bind, etc.). I have experienced it on all the exits I ever run, it's the most common warning. There's a ticket for it opened by me: https://trac.torproject.org/projects/tor/ticket/11600 When I opened the ticket, we thought it may be a libevent issue; that makes the nameserver look down while it is not, but see comment 6 in the linked ticket - that might be a cause also. In the mean time until we resolve this just keep the exit running with a localhost unbound or bind resolver and don't use Google or OpenDNS resolvers. It's best that an exit relay runs its own resolver. On 2/1/2016 5:46 AM, Tristan wrote:
After sending tor a HUP, I now have errors from OpenDNS and Google DNS servers. I opened a support ticket with the provider to find out how to use their provided nameservers. Looks like I just need to keep fiddling. At any rate, I'm still getting plenty of traffic, and the servers come back almost instantly, so it shouldn't be making too much of an impact.
Thanks for the help!
On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com <mailto:teor2345@gmail.com>> wrote:
On 1 Feb 2016, at 10:38, Tristan <supersluether@gmail.com <mailto:supersluether@gmail.com>> wrote:
Well, my VPS nameservers are domain names, not IP addresses, so I can't use them directly. In the meantime, I added Open DNS to resolv.conf, but I still get errors from Google DNS. Do I need to reboot to apply changes to resolv.conf?
You likely need to send a HUP to tor to get it to re-read your DNS configuration.
Maybe Google DNS is not reliable from your location, so you could put another name server first? Or perhaps investigate resolving your VPS DNS manually, then using their IP addresses as well?
Tim
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" <teor2345@gmail.com <mailto:teor2345@gmail.com>> wrote:
On 1 Feb 2016, at 08:19, SuperSluether <supersluether@gmail.com <mailto:supersluether@gmail.com>> wrote:
I'm not sure how many DNS servers are configured because I never configured them. I just installed Tor and edited the torrc file with my port, exit policy, and bandwidth options. Where would I add/configure DNS servers?
Typically, by editing /etc/resolv.conf. But some platforms automatically generate it using the files in /etc/resolvconf/resolv.conf.d/
It should be fairly straightforward, if not, search the Internet for a HOWTO for your platform.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBCAAGBQJWsNTyAAoJEIN/pSyBJlsRyRIH/Rld4INBEbLR8FMCYMvhNbi8 b9kUSzh5s44mfZCf5DG/zBKPiEqGoZZxiV6R4BuNBYL6VnuxrDSEm26D/U2NFO7m FPO4hbLpjej40piR+2q9FHwWKOmJgWjKq5nql1qRviVmX4fPXeQJ8UzT+Ue/wCKb 4xRtasaSdJY12SuaseLOVKDhFZqBWzn7BFnpMaRDx42MjJpq82OFNEk0Ew/TW1ii TNzRNMEBFFlNAgh6lEbg9UIhvJQhF9RFItEPaahxudfiHGgCitf0Zj7XJRt64B9g Ca0uBMbFBPMTNnKzNnvfnw1Sg6zBsRa0XUuAVwFJlAy6jrFGkVlSTbIH2nZpnLk= =3Fue -----END PGP SIGNATURE-----
participants (4)
-
s7r -
SuperSluether -
Tim Wilson-Brown - teor -
Tristan