[tor-relays] unbound bogs down strangely, degrading exit relay
Dhalgren Tor
dhalgren.tor at gmail.com
Fri Mar 18 18:02:02 UTC 2016
Problem came back again while I was working on the exit.
unbound-control purge_requestlist
does not help but it appears that
unbound-control purge_infra
unbound-control purge_requestlist
will clear up the problem without requiring a daemon restart--at least
temporarily.
Also tried setting
do-tcp: off
but this did not appear to make a difference.
Seems to me a degenerate interaction between tor's 'eventdns'
subsystem and 'unbound' comes into play when this DNS flood/attack
occurs. Have an 'info' level log with SafeLogging=0 for a few minutes
where the relay was in the bogged-down state and was failing to
service Tor Browser requests. If developer is interested in taking a
look at this please contact me directly.
This issue is a PIA and if it continues I'll give up on 'unbound' and
follow the previous operator, switching to bind9 despite the lesser
performance.
More information about the tor-relays
mailing list