[tor-relays] Logs full of "eventdns: All nameservers have failed"

Andy Isaacson adi at hexapodia.org
Sat Dec 3 22:49:31 UTC 2011


On Sat, Dec 03, 2011 at 07:38:05AM +0100, Klaus Layer wrote:
> my logs are full of these messages:
> 05:54:07 [NOTICE] eventdns: Nameserver 127.0.0.1 is back up
> 05:54:07 [WARN] eventdns: All nameservers have failed
[snip]
> I am wondering if the high bandwidth nodes from torservers and
> noisebridge also show this kind of messages and how they configured
> their nodes to get rid of it. For my node they come up every couple of
> minutes. Between fail and recover is always less than a second.

Yes, we do see that occasionally.  Not very frequently though, and
generally in spurts.  Looking at the logs right now, I see a few dozen
occurrences in a span of about 10 minutes on Dec 1, and a few scattered
instances earlier in the logs -- a total of 56 "All nameservers have
failed" messages from Nov 27 - Dec 3.

Since DNS is the most frequent UDP traffic you'll see on a Tor node,
perhaps this is simply a symptom of high packet loss on your NIC.

We have 4 "nameserver" lines in our /etc/resolv.conf provided by our
ISP.

You could consider running a caching nameserver on localhost.  That
could have negative side effects, though; you're increasing memory and
CPU load by doing so, and potentially increasing attack surface
depending on your exact configuration.


-andy


More information about the tor-relays mailing list