Please need urgent help with the DNS resolver of a fast exit relay

Hi,

The servers from my ISP are not stable or good enough to handle the traffic for this Tor exit router. I get this in the log very often:

Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ip>:53 is back up

Both nameservers fail and come back after 1 second, or less. I don't know what impact this will have on the exit node. Is it any problem at all?

I have also decided to set up my own DNS resolver and not use the ones from the ISP, so I have installed named. What I need help with is for someone to tell me exactly how I have to edit named.conf in order to:

1. Enable DNSSEC, for the clients who want to use it. Not make it a requirement, just enable it and prefer it over normal DNS if and when possible.

2. Be able to resolve all TLDs as described here: https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver#DNSResolverSer...
Now I can clearly understand the message from that post but there is no instruction anywhere about how to do it, those links for Alt Roots are broken. Is this a requirement? Who needs to resolve silly TLDs not supported by IANA / ICANN anyway?

3. Cache the records for as long as possible - my relay is already using a lot of traffic so I have to spare as much as I can.

Please provide me with a good named.conf and description of settings so I can properly configure a good DNS resolver for my relay.

Thank you in advance!

"s7r@sky-ip.org" <s7r@sky-ip.org> wrote Thu, 24 Apr 2014 19:20:37 +0300:

| I get this in the log very often:
| Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time:
| 91633/91636 TAP, 15962/15962 NTor.
| Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
| Apr 24 17:40:45.000 [notice] eventdns: Nameserver <ip>:53 is back up
|
| Both nameservers fail and come back after 1 second, or less.

Are you running this relay on a BSD system, perchance? I see this on lots of relays on FreeBSD and think that it's related to libevent on certain platforms. I also think that it's benign.

On 4/25/2014 3:26 PM, Linus Nordberg wrote:

Yeah, I am running it on FreeBSD 10.0 release. Anything I can do about it? If it's just working on a normal basis regardless of this warning, I can leave it like this?
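To check how long the total-failure windows discussed in this thread really last, the eventdns lines can be paired up and timed. The script below is an added example, not code from either poster or from Tor; the sample log is constructed in the format quoted above, the resolver address is a documentation placeholder, and the year and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread. 192.0.2.53 is a
# documentation-range placeholder, not an address from the original messages.
SAMPLE_LOG = """\
Apr 24 15:14:07.000 [notice] Circuit handshake stats since last time: 91633/91636 TAP, 15962/15962 NTor.
Apr 24 17:40:45.000 [warn] eventdns: All nameservers have failed
Apr 24 17:40:45.000 [notice] eventdns: Nameserver 192.0.2.53:53 is back up
Apr 24 18:02:10.000 [warn] eventdns: All nameservers have failed
Apr 24 18:02:55.500 [notice] eventdns: Nameserver 192.0.2.53:53 is back up
Apr 24 19:30:00.000 [warn] eventdns: All nameservers have failed
"""

# Matches only eventdns lines; other notices (handshake stats etc.) are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<sev>\w+)\] eventdns: (?P<msg>.*)$"
)

def parse_ts(text, year):
    # These timestamps carry no year, so the caller supplies one (assumption).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def dns_outages(log_text, year=2014):
    """Return (closed, open_since). closed lists (start, duration) for each
    total-failure window that ended with a 'back up' line; open_since is the
    start of a failure with no recovery logged yet, or None."""
    closed, open_since = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = parse_ts(m["ts"], year)
        if m["msg"].startswith("All nameservers have failed"):
            if open_since is None:          # keep the earliest failure time
                open_since = ts
        elif m["msg"].endswith("is back up") and open_since is not None:
            closed.append((open_since, ts - open_since))
            open_since = None
    return closed, open_since

def long_outages(closed, threshold=timedelta(seconds=5)):
    """Windows longer than the threshold, i.e. not the sub-second flaps."""
    return [(start, dur) for start, dur in closed if dur > threshold]

if __name__ == "__main__":
    closed, open_since = dns_outages(SAMPLE_LOG)
    for start, dur in long_outages(closed):
        print(f"{start}  resolvers down for {dur.total_seconds():.1f}s")
    if open_since:
        print(f"{open_since}  failure with no recovery logged")
```

Windows of zero or sub-second length match the pattern reported in the thread; longer windows or a failure with no recovery line are the cases where exit DNS lookups were actually unavailable for a while.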
participants (2)
- Linus Nordberg
- s7r@sky-ip.org