exit relay fails with 'unbound' DNS resolver when lots of requests time-out

per

[tor-relays] What does this message mean in my tor logs? https://lists.torproject.org/pipermail/tor-relays/2016-January/008621.html

[tor-relays] unbound bogs down strangely, degrading exit relay https://lists.torproject.org/pipermail/tor-relays/2016-March/008918.html

Relay daemon ceases to service Tor Browser requests, timing out, when a local instance of 'unbound' is the DNS resolver and large numbers of DNS requests time-out.

Works fine when 'named' is swapped in place of 'unbound'.

GoDaddy DNS stops responding when large numbers of queries are submitted and this was observed as the particular trigger.

To reproduce, configure the SOA+NS records for several thousand dummy domains to point to a non-responding IP, then generate large numbers of requests against them.

The commands

unbound-control dump_requestlist unbound-control dump_infra

are helpful for identifying the state.

Have debug-level daemon trace taken when relay was in the unresponsive condition described.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information