On Thu, Nov 18, 2021 at 08:30:16AM +0000, Georg Koppen wrote:
If the overload is related to non-DNS issues, please address it. For the DNS case it is currently a bit tricky. We are actively investigating what is going on and suspect we are dealing with a bunch of different issues leading to the DNS timeouts you and others are seeing. E.g. there might still be bugs in our code, and there is probably blacklisting of DNS requests stemming from Tor-related IP addresses involved, and likely things we do not fully understand yet.
So, I think until we get down to the root(s) of the DNS timeout problem and have a clear understanding about what is going on and how to fix things, I'd say please ignore the problem for now. We heard that having the local resolver using non-Tor IP addresses does make a difference timeout-wise[1], which seems related to the Tor-IP-addresses-getting-blocked-at-DNS-level angle I mentioned above. Thus, you could set that up if you have not already.
Thanks, I'll keep an eye on this list for further developments on this topic.
To clarify, I'm currently using my colocation network's DNS resolver. The fallback is Hurricane Electric's anycast resolver. Both perform DNSSEC validation.
Some folks might consider switching to non-exit nodes to just get rid of the overload message. Please bear with us while we are debugging the problem and don't do that. :) We'll keep this list in the loop.
Don't worry, this is not something I would quit running an exit for :)