
Re: [tor-bugs] #18580 [Tor]: exit relay fails with 'unbound' DNS resolver when lots of requests time-out



#18580: exit relay fails with 'unbound' DNS resolver when lots of requests time-out
----------------------+------------------------------
 Reporter:  Dhalgren  |          Owner:
     Type:  defect    |         Status:  new
 Priority:  Medium    |      Milestone:
Component:  Tor       |        Version:  Tor: 0.2.7.6
 Severity:  Major     |     Resolution:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
 Reviewer:            |        Sponsor:  None
----------------------+------------------------------

Comment (by Dhalgren):

 Put the exit back to Unbound to see how this works.

 Settled on

    options timeout:5 attempts:1 max-inflight:16384 max-timeouts:1000000
    nameserver 127.0.0.1

 where it turns out that max-timeouts is capped at 255 by eventdns.c.  Will
 create a patch to remove the 255 limit on next Tor daemon update.  Only
 purpose for the "down resolver" state is to shift load to a different
 resolver, but in this situation that's undesirable.  Have exactly one
 local resolver and if it fails an alarm goes off for manual attention.

 I might also create an alarm that triggers when

    unbound-control dump_requestlist

 grows to more than 200 pending requests since that's what was observed
 during the relay failure.  Shouldn't fail now but will be interesting to
 verify that and examine the next DNS potential DOS situation.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18580#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
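
The alarm on `unbound-control dump_requestlist` that the comment proposes could be scripted along these lines. This is an added example, not part of the ticket and not Tor or Unbound code: the function names, exit codes and sample dump are constructed here, and the dump layout (a `thread #N` header, then one indexed line per pending query) is an assumption about the tool's output.

```shell
#!/bin/sh
# Added example: alarm on the size of unbound's pending request list.
# Assumed dump layout: a "thread #N" header, a column header starting
# with "#", then one line per pending query starting with a numeric index.

# Constructed sample (not captured from a real resolver).
sample_dump() {
cat <<'EOF'
thread #0
#   type cl name    seconds    module status
  0    A IN www.example.com. 4.812345 iterator wait for 192.0.2.53
  1 AAAA IN mail.example.net. 1.004211 iterator wait for 198.51.100.7
  2    A IN ns1.example.org. - iterator wait for 203.0.113.9
EOF
}

# Print the number of pending requests read from stdin.
# Prints -1 when no "thread #" header was seen (unbound-control failed or
# the resolver is down), so a missing dump never reads as "0 pending".
count_pending() {
    awk '
        /^thread #/     { seen = 1; next }
        $1 ~ /^[0-9]+$/ { n++ }
        END             { if (seen) print n + 0; else print -1 }
    '
}

# Usage: <dump on stdin> | requestlist_alarm THRESHOLD
# Exit status: 0 = OK, 2 = over threshold, 3 = no usable dump or bad threshold.
requestlist_alarm() {
    threshold=$1
    case $threshold in
        ''|*[!0-9]*) echo "UNKNOWN: threshold must be a number" >&2; return 3 ;;
    esac
    pending=$(count_pending)
    if [ "$pending" -lt 0 ]; then
        echo "UNKNOWN: no request list (is unbound running?)"
        return 3
    elif [ "$pending" -gt "$threshold" ]; then
        echo "CRITICAL: $pending pending requests (limit $threshold)"
        return 2
    fi
    echo "OK: $pending pending requests (limit $threshold)"
}

# Demo on the sample; on a relay: unbound-control dump_requestlist | requestlist_alarm 200
sample_dump | requestlist_alarm 200
```

The unbound-control manual states that `dump_requestlist` prints only the first thread's queries, so on a multi-threaded resolver the count understates the total and the threshold should be chosen with that in mind.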