Hi, Over the weekend I started having those kind of error popping on my log at a very high rate (a few per seconds): Jan 25 09:00:00.000 [warn] eventdns: Address mismatch on received DNS packet. Apparent source was xxx.237.192.xxx:61083 Apparent source is not my IP and is different at every error message. I restarted my relay and I have stopped happening. I am running my own local unbound DNS server. Is it some kind of attack or simply an error that happened over the weekend? I have never seen it before. For what it's worth, my relay is an exit relay at about 150mbps.
On 26 Jan 2016, at 01:12, TorOp AnonymizedDotIo1 <torrelay@anonymized.io> wrote:
Hi,
Over the weekend I started having those kind of error popping on my log at a very high rate (a few per seconds):
Jan 25 09:00:00.000 [warn] eventdns: Address mismatch on received DNS packet. Apparent source was xxx.237.192.xxx:61083
Apparent source is not my IP and is different at every error message. I restarted my relay and I have stopped happening. I am running my own local unbound DNS server.
Is it some kind of attack or simply an error that happened over the weekend? I have never seen it before.
This error is logged when Tor sends a DNS query to an address, but gets a reply back from a different address. This could be an attack, or a misconfigured DNS server, or simply a multihomed DNS server. Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
participants (2)
-
Tim Wilson-Brown - teor -
TorOp AnonymizedDotIo1