Hi,
Over the weekend I started having those kind of error popping on my log at a very high rate (a few per seconds):
Jan 25 09:00:00.000 [warn] eventdns: Address mismatch on received DNS packet. Apparent source was xxx.237.192.xxx:61083
Apparent source is not my IP and is different at every error message. I restarted my relay and I have stopped happening. I am running my own local unbound DNS server.
Is it some kind of attack or simply an error that happened over the weekend? I have never seen it before.
For what it's worth, my relay is an exit relay at about 150mbps.
On 26 Jan 2016, at 01:12, TorOp AnonymizedDotIo1 torrelay@anonymized.io wrote:
Hi,
Over the weekend I started having those kind of error popping on my log at a very high rate (a few per seconds):
Jan 25 09:00:00.000 [warn] eventdns: Address mismatch on received DNS packet. Apparent source was xxx.237.192.xxx:61083
Apparent source is not my IP and is different at every error message. I restarted my relay and I have stopped happening. I am running my own local unbound DNS server.
Is it some kind of attack or simply an error that happened over the weekend? I have never seen it before.
This error is logged when Tor sends a DNS query to an address, but gets a reply back from a different address.
This could be an attack, or a misconfigured DNS server, or simply a multihomed DNS server.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
tor-relays@lists.torproject.org
-
Tim Wilson-Brown - teor -
TorOp AnonymizedDotIo1