[tor-relays] Logs full of "eventdns: All nameservers have failed"
Andy Isaacson
adi at hexapodia.org
Sat Dec 3 22:49:31 UTC 2011
On Sat, Dec 03, 2011 at 07:38:05AM +0100, Klaus Layer wrote:
> my logs are full of these messages:
> 05:54:07 [NOTICE] eventdns: Nameserver 127.0.0.1 is back up
> 05:54:07 [WARN] eventdns: All nameservers have failed
[snip]
> I am wondering if the high bandwidth nodes from torservers and
> noisebridge also show this kind of messages and how they configured
> their nodes to get rid of it. For my node they come up every couple of
> minutes. Between fail and recover is always less than a second.
Yes, we do see that occasionally. Not very frequently though, and
generally in spurts. Looking at the logs right now, I see a few dozen
occurrences in a span of about 10 minutes on Dec 1, and a few scattered
instances earlier in the logs -- a total of 56 "All nameservers have
failed" messages from Nov 27 - Dec 3.
Since DNS is the most frequent UDP traffic you'll see on a Tor node,
perhaps this is simply a symptom of high packet loss on your NIC.
We have 4 "nameserver" lines in our /etc/resolv.conf provided by our
ISP.
You could consider running a caching nameserver on localhost. That
could have negative side effects, though; you're increasing memory and
CPU load by doing so, and potentially increasing attack surface
depending on your exact configuration.
-andy
More information about the tor-relays
mailing list