[tor-relays] Local DNS on Exit logs failed user queries
Andrew Deason
adeason at dson.org
Thu Aug 18 05:46:03 UTC 2016
On Wed, 17 Aug 2016 12:23:15 +1000
teor <teor2345-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Has anyone checked if the logs on other resolvers (like unbound) have
> the same issue?
On my exit running unbound, I haven't seen any messages from unbound
beyond the startup/shutdown messages for the past several weeks, but
maybe I just haven't gotten the right errors. I didn't see anything in
the code that looked like logging requested names, but I only took a
quick glance. The default verbosity seems kinda low, but of course
that's no guarantee.
What kind of resolution errors are you talking about? Plain NXDOMAIN
failures, failing to reach nameservers, DNSSEC failed signatures, or
anything else? Do you know of any domains handy that could be used to
test the relevant failure cases? (e.g. a dns entry that points to an
unreachable server, or results in an invalid DNSSEC response, etc.) That
would make it easy for exit operators to test what happens and take out
some guesswork.
--
Andrew Deason
adeason at dson.org
More information about the tor-relays
mailing list