[tor-bugs] #18580 [Tor]: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 20 00:59:07 UTC 2016
#18580: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
----------------------+------------------------------
Reporter: Dhalgren | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor | Version: Tor: 0.2.7.6
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: None
----------------------+------------------------------
Comment (by Dhalgren):
Spent some time accessing relays with control-channel commands. GoDaddy
does not appear to be systematically blocking fast Tor relays. However
the block stays once applied. 'ashtrayhat3' can resolve GoDaddy DNS
queries because the operator pointed DNS at a regional resolver. But
'ashtrayhat3' still cannot connect to addresses in AS26496.
Judging by the 30000 GoDaddy domain lookup attempts found in the unbound
cache on my relay, I suspect that 'ashtrayhat3' and 'Dhalgren' were
selected by some abuser as preferred nodes in Wordpress login attacks
against large numbers of small blog-sites hosted by GoDaddy. GoDaddy
decided to null-route the relays because of the volume of abuse.
Tor relays should be able to withstand such blocking and at present it
falls apart when unbound is the resolver.
If a fix for this issue is created, I will probably be able to test it for
some months going forward due to the persistence of the null-routing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18580#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list