[tor-relays] debugging unbound on 'torexit' failing DNS queries

nusenu nusenu-lists at riseup.net
Thu Jan 18 20:45:00 UTC 2018



Quintin:
>> Do you reach your server's conntrack limit?
> 
> The word conntrack never appears in my logs, so I don't think it's that.
> The ISP also requires this from tor exits: net.netfilter.nf_conntrack_max =
> 10000

How many conntrack entries do you actually have when you get 
sendto failed: Operation not permitted
log entries?

sysctl net.netfilter.nf_conntrack_count
or
cat /proc/sys/net/netfilter/nf_conntrack_count

Regardless of whether this is the root-cause or not, 
nf_conntrack_max = 10k is probably too low for an exit relay.

If nf_conntrack_count is near nf_conntrack_max, does the problem
go away when you temporarily increase nf_conntrack_max?

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_
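
Added example, not part of the original message: a POSIX shell helper for the check suggested above, which reads nf_conntrack_count and nf_conntrack_max and prints timestamped utilisation so readings can be lined up against the "sendto failed: Operation not permitted" log entries. The function names, the directory argument and the 90% threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report how full the netfilter conntrack table is.
# Function names, the directory argument and the 90% default are assumptions.

# Print "count max percent status" for the counters found under directory $1.
conntrack_usage() {
    dir="${1:-/proc/sys/net/netfilter}"
    threshold="${2:-90}"    # percent treated as "near the limit" (assumed)

    # Both files are absent when the nf_conntrack module is not loaded.
    if [ ! -r "$dir/nf_conntrack_count" ] || [ ! -r "$dir/nf_conntrack_max" ]; then
        echo "conntrack counters not readable in $dir" >&2
        return 2
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")

    # Refuse anything that is not a plain non-negative integer.
    for v in "$count" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "unexpected counter value: '$v'" >&2; return 2 ;;
        esac
    done
    if [ "$max" -eq 0 ]; then
        echo "nf_conntrack_max is 0" >&2
        return 2
    fi

    pct=$(( count * 100 / max ))
    if [ "$pct" -ge "$threshold" ]; then status=NEAR_LIMIT; else status=OK; fi
    echo "$count $max $pct $status"
}

# Sample every $1 seconds with a UTC timestamp, for correlation with
# the timestamps in the resolver's log.
conntrack_watch() {
    interval="${1:-5}"
    while :; do
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(conntrack_usage)"
        sleep "$interval"
    done
}

# Run as: sh conntrack-usage.sh watch [interval]
if [ "${1:-}" = watch ]; then
    conntrack_watch "${2:-5}"
fi
```
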
