[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries

To: tor-relays@xxxxxxxxxxxxxxxxxxxx, Quintin <tor-admin@portaltodark.world>
Subject: Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Thu, 18 Jan 2018 20:45:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 18 Jan 2018 15:46:01 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1516308342; bh=cGWtReggnNaOM5v2GH8ra5nFzCV121mvSn6qpne635I=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Ak8uIbh8UttAJiZ7GUMggIq0gBsUJRgRu01v6UEmZvd7vR9wYwv35bZKM6bmcaUs1 AKy3KlcEs19WfpeDCbCGDxR6JdEXPTaVDS/ooZACX3Df+G94KVLAMJ4HzdL4dNWrCk aFW7M8xj1s0gSRtpLUqRrgYQfdv1dlrjd0KnIZlw=
In-reply-to: <CACKQKwNOeoUgR7DmVmgRgA6hwQu-NP0RQQ2cA2+1sh8NeTaCJg@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <6b6c355f-dffb-26eb-5135-814d4a7e3d6e@riseup.net> <CACKQKwOVxc8np+d_CasiRGiRVAcsi2+FP=Yx6BVfOUVaVhSi0g@mail.gmail.com> <8a7ad7ad-cc65-23bf-edce-147306f72c81@riseup.net> <CACKQKwOCfLYpjwQoQ4GgCnoujw4LV4kKeH2gW7Xuj1mitaUxiA@mail.gmail.com> <26092435-5a5e-14df-3b6c-98290b6f280b@riseup.net> <CACKQKwNYi4sFHb=_6qTMDSntSRCm8JGt-kAtHPdgxMeDxbRGqA@mail.gmail.com> <6e3414ab-12ef-20ba-9a79-2579a5285436@riseup.net> <CACKQKwNOeoUgR7DmVmgRgA6hwQu-NP0RQQ2cA2+1sh8NeTaCJg@mail.gmail.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>


Quintin:
>> Do you reach your server's conntrack limit?
> 
> The word conntrack never appears in my logs, so I don't think it's that.
> The ISP also requires this from tor exits: net.netfilter.nf_conntrack_max =
> 10000

How many conntrack entries do you actually have when you get 
sendto failed: Operation not permitted
log entries?

sysctl net.netfilter.nf_conntrack_count
or
cat /proc/sys/net/netfilter/nf_conntrack_count

Regardless of whether this is the root-cause or not, 
nf_conntrack_max = 10k is probably to low for an exit relay.

If nf_conntrack_count is near nf_conntrack_max, does the problem
go away when you temporarily increase nf_conntrack_max?

-- 
https://mastodon.social/@nusenu
twitter: @nusenu_

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
  - From: Quintin

References:
- Re: [tor-relays] Assigning BadExit to Exits failing to resolve hostnames starting on 2018-01-15
  - From: nusenu
- [tor-relays] debugging unbound on 'torexit' failing DNS queries
  - From: nusenu
- Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
  - From: Quintin
- Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
  - From: nusenu
- Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
  - From: Quintin

Prev by Author: Re: [tor-relays] Experimental DoS mitigation is in tor master
Next by Author: Re: [tor-relays] >30% of the Tor network runs outdated version: Consider enabling auto-updates
Previous by thread: Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
Next by thread: Re: [tor-relays] debugging unbound on 'torexit' failing DNS queries
Index(es):
- Author
- Thread