On Sat, Dec 03, 2011 at 07:38:05AM +0100, Klaus Layer wrote:
my logs are full of these messages: 05:54:07 [NOTICE] eventdns: Nameserver 127.0.0.1 is back up 05:54:07 [WARN] eventdns: All nameservers have failed
[snip]
I am wondering if the high bandwidth nodes from torservers and noisebridge also show this kind of messages and how they configured their nodes to get rid of it. For my node they come up every couple of minutes. Between fail and recover is always less than a second.
Yes, we do see that occasionally. Not very frequently though, and generally in spurts. Looking at the logs right now, I see a few dozen occurrences in a span of about 10 minutes on Dec 1, and a few scattered instances earlier in the logs -- a total of 56 "All nameservers have failed" messages from Nov 27 - Dec 3.
Since DNS is the most frequent UDP traffic you'll see on a Tor node, perhaps this is simply a symptom of high packet loss on your NIC.
We have 4 "nameserver" lines in our /etc/resolv.conf provided by our ISP.
You could consider running a caching nameserver on localhost. That could have negative side effects, though; you're increasing memory and CPU load by doing so, and potentially increasing attack surface depending on your exact configuration.
-andy