[tor-bugs] #18580 [Core Tor/Tor]: exit relay fails with 'unbound' DNS resolver when lots of requests time-out

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 3 00:11:47 UTC 2017

#18580: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
 Reporter:  Dhalgren                                    |          Owner:  (none)
     Type:  defect                                      |         Status:  new
 Priority:  Medium                                      |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor                                |        Version:  Tor:
 Severity:  Major                                       |     Resolution:
 Keywords:  tor-relay exit dns unbound needs-diagnosis  |  Actual Points:
Parent ID:                                              |         Points:
 Reviewer:                                              |        Sponsor:

Comment (by Dhalgren):

 Replying to [comment:25 arma]:
 > Sebastian points out that we are now experiencing this bug on many large
 > Tor exit relays, in #21394.
 > So, ten points to Dhalgren for identifying and debugging it early. :)
 > Also, am I reading the above correctly, that evdns does not scale well?
 > If so, that is a thing that we should be able to fix on the Tor and/or
 > libevent side.



 Thank you.  Points gratefully accepted--is a pleasure when an extensive
 effort like this one proves valuable.

 Unfortunate it took a while for this ticket to connect with #21394, a
 ticket of which I was unaware though the problem of connection timeouts
 via top-tier relays has irritated me for months.  Didn't cross my mind the
 cause might be one and the same since one cannot trivially determine the
 resolver employed by an exit, and I believed others would discover this
 ticket and the documentation I added and correct for it.  Is so severe I
 frequently consider adding the top 50-100 exits to `ExcludeNodes`.

 Short term the recommended tuning is well worth the cost, but I reviewed
 the code and the performance burden of walking a request list with
 thousands of timing-out DNS queries is probably worth correcting.
 Red-black tree is of course the most versatile and resilient solution, but I
 observe support for double-linked lists was added to the daemon core
 and implementing one as mentioned in comment:17 above addresses this case
 and may be expedient.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18580#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
