[tor-commits] [orbot/master] Fix onion service only working intermittently in VPN mode

n8fr8 at torproject.org n8fr8 at torproject.org
Fri Jul 5 12:40:01 UTC 2019 

commit 2a0a116cd18fd75a6a1503de1c25f4ee171968dd
Author: Peter Gerber <peter at arbitrary.ch>
Date:   Tue Jun 4 17:35:52 2019 +0000

    Fix onion service only working intermittently in VPN mode
    
    This reduces the min. TTL for DNS request to 60 seconds which is also
    the time for which the mapping of an onion address to a virtual IP is
    valid. This change is needed because Tor's internal mapping sometimes
    expired before the 900 seconds previously configured as TTL. This would
    lead to request failing with `WARN: Missing mapping for virtual address
    '[scrubbed]'. Refusing.`
    
    Tor, when resolving onion addresses, uses a TTL of 60 seconds:
    
        $ dig ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion @localhost -p 5400
    
        ; <<>> DiG 9.14.2 <<>> ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion @localhost -p 5400
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25321
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
        ;; QUESTION SECTION:
        ;ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion. IN  A
    
        ;; ANSWER SECTION:
        ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion. 60   IN A 10.209.112.10
    
        ;; Query time: 0 msec
        ;; SERVER: 127.0.0.1#5400(127.0.0.1)
        ;; WHEN: Tue Jun 04 19:39:54 CEST 2019
        ;; MSG SIZE  rcvd: 85
    
    However, pdnsd changed the TTL to 15 minutes:
    
         $ dig ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion
    
         ; <<>> DiG 9.14.2 <<>> ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion
         ;; global options: +cmd
         ;; Got answer:
         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40438
         ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
         ;; OPT PSEUDOSECTION:
         ; EDNS: version: 0, flags:; udp: 1024
         ;; QUESTION SECTION:
         ;ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion. IN  A
    
         ;; ANSWER SECTION:
         ye3s2gcp2t6ernhy7rtgk6him4iddkvhy4h2csc2wvrfj.onion. 900 IN A 10.209.112.10
    
         ;; Query time: 1 msec
         ;; SERVER: 8.8.8.8#53(8.8.8.8)
         ;; WHEN: Tue Jun 04 19:39:59 CEST 2019
         ;; MSG SIZE  rcvd: 96
---
 orbotservice/src/main/res/values/pdnsd.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/orbotservice/src/main/res/values/pdnsd.xml b/orbotservice/src/main/res/values/pdnsd.xml
index 4fd6d79e..2399e61e 100644
--- a/orbotservice/src/main/res/values/pdnsd.xml
+++ b/orbotservice/src/main/res/values/pdnsd.xml
@@ -7,7 +7,7 @@ global {
 	server_port = 8091;
 	server_ip = 0.0.0.0;
 	query_method=udp_only;
-	min_ttl=15m;
+	min_ttl=1m;
 	max_ttl=1w;
 	timeout=10;
 	daemon=on;

More information about the tor-commits mailing list