[tor-bugs] #18580 [Tor]: exit relay fails with 'unbound' DNS resolver when lots of requests time-out

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 20 00:59:07 UTC 2016


#18580: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
----------------------+------------------------------
 Reporter:  Dhalgren  |          Owner:
     Type:  defect    |         Status:  new
 Priority:  Medium    |      Milestone:
Component:  Tor       |        Version:  Tor: 0.2.7.6
 Severity:  Major     |     Resolution:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
 Reviewer:            |        Sponsor:  None
----------------------+------------------------------

Comment (by Dhalgren):

 Spent some time accessing relays with control-channel commands.  GoDaddy
 does not appear to be systematically blocking fast Tor relays.  However
 the block stays once applied.  'ashtrayhat3' can resolve GoDaddy DNS
 queries because the operator pointed DNS at a regional resolver.  But
 'ashtrayhat3' still cannot connect to addresses in AS26496.

 Judging by the 30000 GoDaddy domain lookup attempts found in the unbound
 cache on my relay, I suspect that 'ashtrayhat3' and 'Dhalgren' were
 selected by some abuser as preferred nodes in Wordpress login attacks
 against large numbers of small blog-sites hosted by GoDaddy.  GoDaddy
 decided to null-route the relays because of the volume of abuse.

 Tor relays should be able to withstand such blocking and at present it
 falls apart when unbound is the resolver.

 If a fix for this issue is created, I will probably be able to test it for
 some months going forward due to the persistence of the null-routing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18580#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list