Dear Exit relay operators,
first of all thanks for running exit relays!
One of the crucial service that you provide in addition to forwarding TCP streams is DNS resolution for tor clients. Exits relays which fail to resolve hostnames are barely useful for tor clients.
We noticed that lately the failure rates did increase again and would like to urge you to visit Arthur's "Tor Exit DNS Timeouts" page that shows you the DNS error rate for exit relays:
https://arthuredelstein.net/exits/ (the page is usually updated once a day)
Please consider checking your DNS if your exit consistently shows a high (>=20%) timeout rate - and make sure you run an up to date tor version.
If you are an exit operator but have no (or no working) ContactInfo, please consider updating that field in your torrc so we can reach you if something is wrong with your relay.
thanks for caring, nusenu
Understandably I got the following question from an operator (off-list):
How do we fix this?
This was my answer:
For fast exits we generally recommend to run a local caching and validating resolver like unbound, without using forwarding.
Besides being more reliable this also improves latency since many hostnames will be resolved using cached entries.
Regardless of how you proceed: Please do _not_ use Google's DNS server, they see already a lot of DNS traffic.
https://nymity.ch/dns-traffic-correlation/
tor-relays@lists.torproject.org
-
nusenu