Re: [tor-relays] Nameservers fail and come back at the same time?

[s7r]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello,

This isn't new, and it happens with any DNS resolver (ISP resolver,
Google or OpenDNS, custom DNS resolver on localhost running unbound or
bind, etc.).

I have experienced it on all the exits I ever run, it's the most
common warning. There's a ticket for it opened by me:

https://trac.torproject.org/projects/tor/ticket/11600

When I opened the ticket, we thought it may be a libevent issue; that
makes the nameserver look down while it is not, but see comment 6 in
the linked ticket - that might be a cause also.

In the mean time until we resolve this just keep the exit running with
a localhost unbound or bind resolver and don't use Google or OpenDNS
resolvers. It's best that an exit relay runs its own resolver.

On 2/1/2016 5:46 AM, Tristan wrote:
> After sending tor a HUP, I now have errors from OpenDNS and Google
> DNS servers. I opened a support ticket with the provider to find
> out how to use their provided nameservers. Looks like I just need
> to keep fiddling. At any rate, I'm still getting plenty of traffic,
> and the servers come back almost instantly, so it shouldn't be
> making too much of an impact.
> 
> Thanks for the help!
> 
> On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor"
> > wrote:
> 
> 
>> On 1 Feb 2016, at 10:38, Tristan > > wrote:
>> 
>> Well, my VPS nameservers are domain names, not IP addresses, so
>> I can't use them directly. In the meantime, I added Open DNS to 
>> resolv.conf, but I still get errors from Google DNS. Do I need
>> to reboot to apply changes to resolv.conf?
>> 
> You likely need to send a HUP to tor to get it to re-read your DNS 
> configuration.
> 
> Maybe Google DNS is not reliable from your location, so you could 
> put another name server first? Or perhaps investigate resolving
> your VPS DNS manually, then using their IP addresses as well?
> 
> Tim
> 
>> On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" 
>> > wrote:
>> 
>> 
>>> On 1 Feb 2016, at 08:19, SuperSluether >> > wrote:
>>> 
>>> I'm not sure how many DNS servers are configured because I 
>>> never configured them. I just installed Tor and edited the 
>>> torrc file with my port, exit policy, and bandwidth options. 
>>> Where would I add/configure DNS servers?
>> 
>> Typically, by editing /etc/resolv.conf. But some platforms
>> automatically generate it using the files in
>> /etc/resolvconf/resolv.conf.d/
>> 
>> It should be fairly straightforward, if not, search the Internet
>> for a HOWTO for your platform.
>> 
>> Tim
>> 
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com PGP 968F094B
>> 
>> teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F
>> B5A9D14F
>> 
>> 
>> ___ tor-relays
>> mailing list tor-relays@lists.torproject.org 
>>  
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
>> ___ tor-relays
>> mailing list tor-relays@lists.torproject.org 
>>  
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com PGP 968F094B
> 
> teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F
> B5A9D14F
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJWsNTyAAoJEIN/pSyBJlsRyRIH/Rld4INBEbLR8FMCYMvhNbi8
b9kUSzh5s44mfZCf5DG/zBKPiEqGoZZxiV6R4BuNBYL6VnuxrDSEm26D/U2NFO7m
FPO4hbLpjej40piR+2q9FHwWKOmJgWjKq5nql1qRviVmX4fPXeQJ8UzT+Ue/wCKb
4xRtasaSdJY12SuaseLOVKDhFZqBWzn7BFnpMaRDx42MjJpq82OFNEk0Ew/TW1ii
TNzRNMEBFFlNAgh6lEbg9UIhvJQhF9RFItEPaahxudfiHGgCitf0Zj7XJRt64B9g
Ca0uBMbFBPMTNnKzNnvfnw1Sg6zBsRa0XUuAVwFJlAy6jrFGkVlSTbIH2nZpnLk=
=3Fue
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[Tristan]

Well, my VPS nameservers are domain names, not IP addresses, so I can't use
them directly. In the meantime, I added Open DNS to resolv.conf, but I
still get errors from Google DNS. Do I need to reboot to apply changes to
resolv.conf?
On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" 
wrote:

>
> On 1 Feb 2016, at 08:19, SuperSluether  wrote:
>
> I'm not sure how many DNS servers are configured because I never
> configured them. I just installed Tor and edited the torrc file with my
> port, exit policy, and bandwidth options. Where would I add/configure DNS
> servers?
>
>
> Typically, by editing /etc/resolv.conf.
> But some platforms automatically generate it using the files in
> /etc/resolvconf/resolv.conf.d/
>
> It should be fairly straightforward, if not, search the Internet for a
> HOWTO for your platform.
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[Tim Wilson-Brown - teor]

> On 1 Feb 2016, at 08:19, SuperSluether  wrote:
> 
> I'm not sure how many DNS servers are configured because I never configured 
> them. I just installed Tor and edited the torrc file with my port, exit 
> policy, and bandwidth options. Where would I add/configure DNS servers?

Typically, by editing /etc/resolv.conf.
But some platforms automatically generate it using the files in 
/etc/resolvconf/resolv.conf.d/

It should be fairly straightforward, if not, search the Internet for a HOWTO 
for your platform.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[Tim Wilson-Brown - teor]

> On 1 Feb 2016, at 10:38, Tristan  wrote:
> 
> Well, my VPS nameservers are domain names, not IP addresses, so I can't use 
> them directly. In the meantime, I added Open DNS to resolv.conf, but I still 
> get errors from Google DNS. Do I need to reboot to apply changes to 
> resolv.conf?
> 
You likely need to send a HUP to tor to get it to re-read your DNS 
configuration.

Maybe Google DNS is not reliable from your location, so you could put another 
name server first?
Or perhaps investigate resolving your VPS DNS manually, then using their IP 
addresses as well?

Tim

> On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor"  > wrote:
> 
>> On 1 Feb 2016, at 08:19, SuperSluether > > wrote:
>> 
>> I'm not sure how many DNS servers are configured because I never configured 
>> them. I just installed Tor and edited the torrc file with my port, exit 
>> policy, and bandwidth options. Where would I add/configure DNS servers?
> 
> Typically, by editing /etc/resolv.conf.
> But some platforms automatically generate it using the files in 
> /etc/resolvconf/resolv.conf.d/
> 
> It should be fairly straightforward, if not, search the Internet for a HOWTO 
> for your platform.
> 
> Tim
> 
> Tim Wilson-Brown (teor)
> 
> teor2345 at gmail dot com
> PGP 968F094B
> 
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[SuperSluether]

I'm not sure how many DNS servers are configured because I never 
configured them. I just installed Tor and edited the torrc file with my 
port, exit policy, and bandwidth options. Where would I add/configure 
DNS servers?


On 01/31/2016 03:08 PM, Tim Wilson-Brown - teor wrote:


On 1 Feb 2016, at 06:33, SuperSluether > wrote:


My exit node's consensus weight just jumped from 20 to 1750 
overnight. When I checked to see how things were going, my log file 
is full of nameserver problems, happening every couple of minutes:


Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed
Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed
Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed
Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed
Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up

But the "All nameservers have failed" and "Nameserver xxx is back up" 
messages happen in pairs /at the exact same time./ What's going on 
here, and is there a way to fix this? My VPS has 2 nameservers listed 
for it, should I be using those?


The times in tor logs are anonymised by rounding to the nearest 
second. So these entries are close together, but not necessarily at 
the same time.


How many DNS servers do you have configured?
(It looks like it's only one. That's quite a fragile configuration.)
If it fails a request by chance, but the next request succeeds, this 
is the pattern of messages you'll see.


Try adding a local caching resolver as the first listed name server.

You might want to add your VPS DNS servers, and Google's other server 
to the end of the list, too.
(A benefit of using local DNS servers is that fewer networks see your 
DNS requests.
A drawback is that your VPS company then sees your DNS requests and 
your traffic, but they could do this anyway.)


Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[Tim Wilson-Brown - teor]

> On 1 Feb 2016, at 06:33, SuperSluether  wrote:
> 
> My exit node's consensus weight just jumped from 20 to 1750 overnight. When I 
> checked to see how things were going, my log file is full of nameserver 
> problems, happening every couple of minutes:
> 
> Jan 31 14:12:40.000 [warn] eventdns: All nameservers have failed
> Jan 31 14:12:40.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> Jan 31 14:18:35.000 [warn] eventdns: All nameservers have failed
> Jan 31 14:18:35.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> Jan 31 14:20:53.000 [warn] eventdns: All nameservers have failed
> Jan 31 14:20:53.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> Jan 31 14:20:59.000 [warn] eventdns: All nameservers have failed
> Jan 31 14:20:59.000 [notice] eventdns: Nameserver 8.8.4.4:53 is back up
> 
> But the "All nameservers have failed" and "Nameserver xxx is back up" 
> messages happen in pairs at the exact same time. What's going on here, and is 
> there a way to fix this? My VPS has 2 nameservers listed for it, should I be 
> using those?

The times in tor logs are anonymised by rounding to the nearest second. So 
these entries are close together, but not necessarily at the same time.

How many DNS servers do you have configured?
(It looks like it's only one. That's quite a fragile configuration.)
If it fails a request by chance, but the next request succeeds, this is the 
pattern of messages you'll see.

Try adding a local caching resolver as the first listed name server.

You might want to add your VPS DNS servers, and Google's other server to the 
end of the list, too.
(A benefit of using local DNS servers is that fewer networks see your DNS 
requests.
A drawback is that your VPS company then sees your DNS requests and your 
traffic, but they could do this anyway.)

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Nameservers fail and come back at the same time?

[Tristan]

After sending tor a HUP, I now have errors from OpenDNS and Google DNS
servers. I opened a support ticket with the provider to find out how to use
their provided nameservers. Looks like I just need to keep fiddling. At any
rate, I'm still getting plenty of traffic, and the servers come back almost
instantly, so it shouldn't be making too much of an impact.

Thanks for the help!
On Jan 31, 2016 5:41 PM, "Tim Wilson-Brown - teor" 
wrote:

>
> On 1 Feb 2016, at 10:38, Tristan  wrote:
>
> Well, my VPS nameservers are domain names, not IP addresses, so I can't
> use them directly. In the meantime, I added Open DNS to resolv.conf, but I
> still get errors from Google DNS. Do I need to reboot to apply changes to
> resolv.conf?
>
> You likely need to send a HUP to tor to get it to re-read your DNS
> configuration.
>
> Maybe Google DNS is not reliable from your location, so you could put
> another name server first?
> Or perhaps investigate resolving your VPS DNS manually, then using their
> IP addresses as well?
>
> Tim
>
> On Jan 31, 2016 3:27 PM, "Tim Wilson-Brown - teor" 
> wrote:
>
>>
>> On 1 Feb 2016, at 08:19, SuperSluether  wrote:
>>
>> I'm not sure how many DNS servers are configured because I never
>> configured them. I just installed Tor and edited the torrc file with my
>> port, exit policy, and bandwidth options. Where would I add/configure DNS
>> servers?
>>
>>
>> Typically, by editing /etc/resolv.conf.
>> But some platforms automatically generate it using the files in
>> /etc/resolvconf/resolv.conf.d/
>>
>> It should be fairly straightforward, if not, search the Internet for a
>> HOWTO for your platform.
>>
>> Tim
>>
>> Tim Wilson-Brown (teor)
>>
>> teor2345 at gmail dot com
>> PGP 968F094B
>>
>> teor at blah dot im
>> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays