Remi Gacogne:

Hi Georg,

On 1/23/20 4:21 PM, Georg Koppen wrote:

...

Your relay AquaRayTerminus[1] seems to fail relaying exit traffic according to our measurements. We ran tests from different vantage points and it was not possible in 10/10 cases to reach https://example.com. Could you please look into that and resolve the issue on your end?

Our overall runs and results are available on Github.[2] Please let us know if you have further questions and when the problem is resolved on your side.

This should be fixed now. We had a DNSSEC validation issue for this domain, due to a MTU issue somewhere along the way between the NS for example.com and our recursive servers (DNSKEY answers were lost over UDP, leading to DNSSEC validation failure).

I would suggest trying with an additional non DNSSEC-signed domain to be able to differentiate various kinds of issues, although I completely agree that exit nodes should handle DNSSEC-signed domains gracefully.

Yes, that's a good idea and I'll tweak our script accordingly.

Thank you for running these measurements of the Tor exit nodes!

You are welcome!

Georg

Best regards,

Remi