[tor-relays] debugging unbound on 'torexit' failing DNS queries (solved)

Quintin tor-admin at portaltodark.world
Wed Jan 24 19:07:46 UTC 2018


Seems my VPS got suspended when I increased the connlimit above 10000. Do
you think my INPUT filters which use conntrack could have caused this issue?


On Mon, Jan 22, 2018 at 10:55 AM eric gisse <jowr.pi at gmail.com> wrote:

> I can kinda answer that.
>
> I run an exit node that happily does 200-250mbit/s according to
> netdata accounting and my monitoring regularly pegs it at nearly 200k
> connections. Usually 100-150k.
>
> On Sun, Jan 21, 2018 at 4:06 PM, nusenu <nusenu-lists at riseup.net> wrote:
> >
> >
> > Quintin:
> >> Ah, thats it. My conntrack entries are full and temporarily increasing
> it
> >> resolves the problem.
> >
> > I'm glad we found the problem and the solution.
> >
> > Your exit appears to be offline since 2018-01-20 20:00, expected
> downtime?
> >
> https://atlas.torproject.org/#details/92E3764D5485DC4AC01178271FB5A8A2D90DA9FF
> >
> >> What would be a reasonable conntrack limit for a tor exit?
> >
> > The amount of states depend on your consensus weight (and probably exit
> policy),
> > do you require a stateful packet filter?
> >
> >
> > --
> > https://mastodon.social/@nusenu
> > twitter: @nusenu_
> >
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> >
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>


-- 
0101100101000001010010000101011101000101010010000010000001000010
0100110001000101010100110101001100100000010110010100111101010101
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180124/ee1d5872/attachment.html>


More information about the tor-relays mailing list