[tor-relays] notices.log: "[warn] Rejecting DNS request from disallowed IP"

To: "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>

Subject: [tor-relays] notices.log: "[warn] Rejecting DNS request from disallowed IP"

Date: Fri, 23 Nov 2018 11:20:12 +0000

Delivery-date: Fri, 23 Nov 2018 06:20:26 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.ch; s=default; t=1542972015; bh=vUnMrpX7P7YbwogG5KSwsfiAXBw81wd1kdxtz+dl6io=; h=Date:To:From:Reply-To:Subject:Feedback-ID:From; b=Ovg3jF149/IKM1l06Rovzl013fkii97rgbfZ52OZtpDqlBBzF9WAb6p1tC2rHaa98 tsA5sWpHDAoF7rQqtnyXIHWeAind0mOvy9knDMw6HgXXzOf03/YW83W8d4PekInYXI jCiey6TlDZPfQwRdtzLunMa5d0BwiFyocnAmWhXM=

Feedback-id: nd45DZIqWGmwYn3P24Wu5gbFSwF43p2soehpWDzq8DT6MZyz-ltCJ7Jp3AS5UJTGefchrKe2GEBtHihZICD-aA==:Ext:ProtonMail

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi,

on a small server I did try to force local DNS requests to the local Tor via iptables/ferm (Nat, Output-Chain, protocol udp dport domain REDIRECT to-ports 5300). Torrc has the following included: 'DNSPort 127.0.0.1:5300'.

Unfortunately, it doesn't work as expected, but I get a warning in Tor's notices.log stating "[warn] Rejecting DNS request from disallowed IP" for each DNS request and even after hours of searching around and trying different configs I could't find the root cause yet.

Question: what does "disallowed IP" really mean, i.e. what IPs are allowed by Tor and which ones are not? Any ideas and hints on how to investigate further are highly welcome! :-)

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays