
Re: [tor-relays] General overload -> DNS timeouts



bobby stickel:
I get that too. I've noticed that Tor makes a lot of requests to non-existent
domains. I run a pihole DNS without the ad blocking. I think this is a bug. They
should at least give us the ability to control the warning level.

It seems only one of your exit relays is affected by a general overload, right? So, it's not clear whether you see the same DNS overload issue other folks are reporting, given that one would expect to see that on all of your relays. Maybe that's a different overload you are seeing which is worth investigating?

Tor does indeed make requests to non-existent domains. That's, in short, to test whether your resolver is behaving as it is supposed to. If you are interested in what tor is actually doing here then dns_launch_correctness_checks() in dns.c[1] is the entry point and your friend.

Georg

[1] https://gitlab.torproject.org/tpo/core/tor/-/blob/main/src/feature/relay/dns.c

On Nov 17, 2021 10:38 AM, Imre Jonk <imre@xxxxxxxxxxx> wrote:

     On Tue, Nov 09, 2021 at 06:25:31AM -0500, John Csuti via tor-relays wrote:
      > Hello all,
      >
      > I would have to agree on this; it appears that the DNS failure timeout is
      > too low. I have more than enough bandwidth to host tor exit nodes, and
      > my own unbound full recursive relay and yet I still get the timeout
      > message 1-1.5%. Sometimes even weird amounts such as 40-50%.
      >
      > I have been working with a few people on this issue and nothing we have
      > tried has fixed this. The other thing is that all other servers I run
      > have no issue with DNS timeouts. It appears to only be a TOR issue. I
      > would even say that some DNS queries that TOR makes are to taken down
      > sites, fake sites or non-existent domains.

     I've been scratching my head with this as well. My exit family is shown
     as overloaded on Tor Metrics [1]. All four instances run on one OpenBSD
     box with ~50% CPU utilization. I've tried a local Unbound resolver as
     well as the resolver provided by my colocation network, but the Tor log
     and the metrics port keep showing ~1.5% DNS timeouts. I myself don't
     notice any DNS issues, but I'm not actively monitoring it. The metrics
     port and Tor log don't show any other issues besides DNS timeouts.

     I don't know what the default OpenBSD DNS timeout is. It's not
     configurable in /etc/resolv.conf, nor is it described in its man page.
     My own testing shows that an nslookup timeout takes 15 seconds.

     Should I just ignore Tor Metrics saying that my relay is overloaded and
     the Tor log saying that the DNS timeouts are above threshold? I
     understand that DNS issues are really bad for UX so I want to fix this
     if possible.

     Thanks,

     Imre

     [1]
     https://metrics.torproject.org/rs.html#search/family:1C4147BDE31ED65715FE1CF088570E145BF46AA1


     _______________________________________________
     tor-relays mailing list
     tor-relays@xxxxxxxxxxxxxxxxxxxx
     https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays





Attachment: OpenPGP_signature
Description: OpenPGP digital signature
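
Added example, not part of the original thread and not Tor's own code: a simplified resolver check in the spirit of what Georg describes above, looking up names that should not exist and verifying that the resolver reports failure instead of handing back an address. The function names, the `.invalid` suffix and the two sample resolvers are assumptions made for this illustration.

```python
import secrets
import socket


def random_probe_names(count=3, suffix="invalid"):
    """Random hostnames that should never resolve (.invalid is a reserved TLD)."""
    return [f"{secrets.token_hex(8)}.{suffix}" for _ in range(count)]


def system_resolve(name):
    """Resolve via the system resolver; return [] when the lookup fails."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_resolver(resolve=system_resolve, names=None):
    """Report probe names that unexpectedly received an answer."""
    names = names if names is not None else random_probe_names()
    answers = {name: resolve(name) for name in names}
    hijacked = {name: addrs for name, addrs in answers.items() if addrs}
    # One address shared by unrelated random names points at a wildcard rewrite.
    shared = set()
    if len(hijacked) > 1:
        shared = set.intersection(*(set(a) for a in hijacked.values()))
    return {"ok": not hijacked, "hijacked": hijacked,
            "shared_addresses": sorted(shared)}


# Constructed stand-ins for a resolver, so the check can be exercised offline.
def honest_resolver(name):
    return []                      # behaves like NXDOMAIN for every probe


def rewriting_resolver(name):
    return ["203.0.113.10"]        # TEST-NET-3 address, constructed sample


if __name__ == "__main__":
    print("honest   :", check_resolver(honest_resolver))
    print("rewriting:", check_resolver(rewriting_resolver))
    print("system   :", check_resolver())  # live lookup against your resolver
```

A local resolver may answer `.invalid` itself without asking upstream, so pass a different `suffix` to `random_probe_names()` to exercise the upstream path.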
