What does this message mean in my tor logs?
Hi all, I’m running a server with a couple of relays and was getting good overall performance (120+ Mbps) up until a couple days ago. For the last two days, the log for one of the two relays is showing thousands of the following message: [notice] Resolved [scrubbed] which was already resolved ignoring Prior to yesterday, I hadn’t ever seen this message in my log (and the second relay on this same server/same IP is not showing any such messages). Since this started, my throughput has dropped from around 120Mbps to about 80Mbps. Looking around on the internet, I can’t find anything about this message. My server is running tor 2.7.6 on Ubuntu. The relay in question is: https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B22... <https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B223A> Any suggestions on what might be going would be appreciated. Thanks in advance! Regards, -Pat
On 28 Jan 2016, at 12:38, Pat Scharmer <pat@scharmer.net> wrote:
Hi all,
I’m running a server with a couple of relays and was getting good overall performance (120+ Mbps) up until a couple days ago. For the last two days, the log for one of the two relays is showing thousands of the following message:
[notice] Resolved [scrubbed] which was already resolved ignoring
It seems that tor is getting duplicate DNS responses when it sends out a DNS query. Are your resolvers configured correctly? Have you configured a caching DNS resolver on your machine? (This has been reported to increase throughput substantially.)
Prior to yesterday, I hadn’t ever seen this message in my log (and the second relay on this same server/same IP is not showing any such messages). Since this started, my throughput has dropped from around 120Mbps to about 80Mbps. Looking around on the internet, I can’t find anything about this message. My server is running tor 2.7.6 on Ubuntu.
A misconfigured DNS resolver is one of the common reasons Exit throughput drops.
The relay in question is: https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B22... <https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B223A> Thanks for the fingerprint, Atlas confirms your relay is an Exit.
Tim Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP 968F094B teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
Thanks Tim. Yes, I’m running unbound on the server configured to cache directly from the root DNS servers. It’s worked without issue until just a few days ago. I’ve refreshed the root hints file and restarted the service. It seems better at the moment… and throughput seems to have improved as well. I’ll continue to monitor and see if there are any other things that need to be adjusted with my unbound conf. I appreciate your help! -Pat
On Jan 28, 2016, at 1:29 PM, Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:
On 28 Jan 2016, at 12:38, Pat Scharmer <pat@scharmer.net <mailto:pat@scharmer.net>> wrote:
Hi all,
I’m running a server with a couple of relays and was getting good overall performance (120+ Mbps) up until a couple days ago. For the last two days, the log for one of the two relays is showing thousands of the following message:
[notice] Resolved [scrubbed] which was already resolved ignoring
It seems that tor is getting duplicate DNS responses when it sends out a DNS query. Are your resolvers configured correctly?
Have you configured a caching DNS resolver on your machine? (This has been reported to increase throughput substantially.)
Prior to yesterday, I hadn’t ever seen this message in my log (and the second relay on this same server/same IP is not showing any such messages). Since this started, my throughput has dropped from around 120Mbps to about 80Mbps. Looking around on the internet, I can’t find anything about this message. My server is running tor 2.7.6 on Ubuntu.
A misconfigured DNS resolver is one of the common reasons Exit throughput drops.
The relay in question is: https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B22... <https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B223A> Thanks for the fingerprint, Atlas confirms your relay is an Exit.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
So the duplicate DNS responses has returned. Any thoughts on what would cause duplicate DNS responses? I'm running unbound with DNSSEC activated and it is using the root name servers as the upstream resolvers. -Pat pat@scharmer.net Sent from my iPhone
On Jan 28, 2016, at 1:29 PM, Tim Wilson-Brown - teor <teor2345@gmail.com> wrote:
On 28 Jan 2016, at 12:38, Pat Scharmer <pat@scharmer.net> wrote:
Hi all,
I’m running a server with a couple of relays and was getting good overall performance (120+ Mbps) up until a couple days ago. For the last two days, the log for one of the two relays is showing thousands of the following message:
[notice] Resolved [scrubbed] which was already resolved ignoring
It seems that tor is getting duplicate DNS responses when it sends out a DNS query. Are your resolvers configured correctly?
Have you configured a caching DNS resolver on your machine? (This has been reported to increase throughput substantially.)
Prior to yesterday, I hadn’t ever seen this message in my log (and the second relay on this same server/same IP is not showing any such messages). Since this started, my throughput has dropped from around 120Mbps to about 80Mbps. Looking around on the internet, I can’t find anything about this message. My server is running tor 2.7.6 on Ubuntu.
A misconfigured DNS resolver is one of the common reasons Exit throughput drops.
The relay in question is: https://atlas.torproject.org/#details/FE67A1BA4EF1D13A617AEFB416CB9E44331B22...
Thanks for the fingerprint, Atlas confirms your relay is an Exit.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 01/29/2016 05:34 AM, Pat Scharmer wrote:
So the duplicate DNS responses has returned. Any thoughts on what would cause duplicate DNS responses? I'm running unbound with DNSSEC activated and it is using the root name servers as the upstream resolvers.
Wild guess, but I'd suspect a routing issue. You'd get duplicate responses if the requests are being sent twice. Have you recently made any changes to iptables or your kernel routing table? Do you get double responses if you ping another server, say example.com? I mention this guess because last year I was messing with packet forwarding on a personal machine and had duplicated packets (which manifested itself as log warnings, double ping replies, and slow performance) until I fixed my iptables rules. -- Jesse V
Thanks Jesse & Tim for your help. I cleaned up my IP tables a bit and replaced unbound with Bind9 configured to use a high-speed regional open DNS resolver and things seem to be much better. Total server throughput for the 2 relays is back up to around 190 Mbps (and climbing) with no more warnings in the logs. Not sure what happened last week that started the problem, but at least it seems to be better. Thanks again! -Pat
On Jan 29, 2016, at 8:46 AM, Jesse V <kernelcorn@riseup.net> wrote:
Wild guess, but I'd suspect a routing issue. You'd get duplicate responses if the requests are being sent twice. Have you recently made any changes to iptables or your kernel routing table? Do you get double responses if you ping another server, say example.com?
participants (3)
-
Jesse V -
Pat Scharmer -
Tim Wilson-Brown - teor