[tor-relays] General overload -> DNS timeouts

Imre Jonk imre at imrejonk.nl
Thu Nov 18 18:42:47 UTC 2021


On Thu, Nov 18, 2021 at 08:30:16AM +0000, Georg Koppen wrote:
> If the overload is related to non-DNS issues, please address it. For the DNS
> case it is currently a bit tricky. We are actively investigating what is
> going on and suspect we are dealing with a bunch of different issues leading
> to the DNS timeouts you and others are seeing. E.g. there might still be
> bugs in our code and there is probably blacklisting of DNS requests stemming
> from Tor related IP addresses involved and likely things we do not fully
> understand yet.
> 
> So, I think until we got down to the root(s) of the DNS timeout problem and
> have a clear understanding about what is going on and how to fix things I'd
> say please ignore the problem for now. We heard that having the local
> resolver using non-Tor IP addresses does make a difference timeout-wise[1]
> which seems related to the Tor-IP-addresses-getting-blocked-at-DNS-level
> angle I mentioned above. Thus, you could set up that if you have not
> already.

Thanks, I'll keep an eye on this list for further developments on this topic.

To clarify, I'm currently using my colocation network's DNS resolver. The
fallback is Hurricane Electric's anycast resolver. Both perform DNSSEC
validation.

> Some folks might consider switching to non-exit nodes to just get rid of the
> overload message. Please bear with us while we are debugging the problem and
> don't do that. :) We'll keep this list in the loop.

Don't worry, this is not something I would quit running an exit for :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20211118/e3076d85/attachment.sig>


More information about the tor-relays mailing list