[tor-relays] DNS server
I was setting up exit nodes and I had a question. Why is it recommended to use DNS caching software Unbound? What benefits does it provide compared to using hoster's DNS resolver? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay question
Hello, I have a question for other operators of the Tor. I started the nodes recently. On yui.cat status is displayed as offline (https://yui.cat/family/F81C34435CA08B81105B3C77CF29EE7824652BFB/, https://metrics.torproject.org/rs.html#search/family:8CD3507662A9946899CFE37BAA49B6AA58ED3E1D)? I did everything according to the instructions, the server work, the Tor process is running. Yesterday everything was displayed normally on yui.cat. I'm new relay operator, I do not know why it happens. Is this normal? Has anyone had the same situation? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay question
> 30 new exits at Frantec. Did you follow the AUP and send Francisco a ticket > _beforehand_? Reverse DNS! Exit policy Port: 465, 587! > https://buyvm.net/acceptable-use-policy/ No, we did not pay attention to their AUP. We have long been using their services for proxy and there were no problems. Thank you for reminding. > You only set up IPv4. At Frantek you also have IPv6 on every VM. If you need > help setting it up, you can ask here and specify your OS. We think that IPv6 is rarely used and therefore did not put it up. Site yui.cat shows that our nodes offline because not configured IPv6, right? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] DNS server
Does Cash DNS give some advantages in safety? On 2022-04-08 08:06, Thoughts wrote: > Note that any dns caching software would help, unbound is just one > popular one. dnsmasq is another. In fact, if you wanted to, you > could use the full bind package and configure it for caching and > forwarding, although that would be a bit of overkill. Once you > install caching software, make sure your /etc/resolv.conf or > equivalent is pointing to 127.0.0.1 as its first reference. > On 4/8/2022 2:04 AM, abuse--- via tor-relays wrote: > >> From my point of view, it's mostly about reliability. You can use >> the hoster's DNS resolver, but be aware that a high-bandwidth exit >> asks a lot of DNS requests. Not every hoster's DNS resolver might be >> able to cope with it and as a result your exit might give users a >> poor experience. >> >> Best Regards, >> >> Kristian >> >> Apr 8, 2022, 07:20 by onion...@riseup.net: >> >>> I was setting up exit nodes and I had a question. Why is it >>> recommended >>> >>> to use DNS caching software Unbound? What benefits does it provide >>> >>> compared to using hoster's DNS resolver? >>> >>> ___ >>> >>> tor-relays mailing list >>> >>> tor-relays@lists.torproject.org >>> >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay question
I found in syslog file:
http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
-- if you think this is a mistake please set a valid email address in
ContactInfo and send an email to bad-rel...@lists.torproject.org
mentioning your fingerprint(s)?") response from dirserver
131.188.40.189:80. Please correct.
http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
-- if you think this is a mistake please set a valid email address in
ContactInfo and send an email to bad-rel...@lists.torproject.org
mentioning your fingerprint(s)?") response from dirserver
86.59.21.38:80. Please correct.
http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
-- if you think this is a mistake please set a valid email address in
ContactInfo and send an email to bad-rel...@lists.torproject.org
mentioning your fingerprint(s)?") response from dirserver
199.58.81.140:80. Please correct.
http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
-- if you think this is a mistake please set a valid email address in
ContactInfo and send an email to bad-rel...@lists.torproject.org
mentioning your fingerprint(s)?") response from dirserver
154.35.175.225:80. Please correct.
http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
-- if you think this is a mistake please set a valid email address in
ContactInfo and send an email to bad-rel...@lists.torproject.org
mentioning your fingerprint(s)?") response from dirserver
204.13.164.118:80. Please correct.
Unable to find IPv6 address for ORPort 443. You might want to specify
IPv4Only to it or set an explicit address or set Address. [60 similar
message(s) suppressed in last 3540 seconds]
Torrc file attached. VPS servers are online and working.
I setup IPv6 on one VPS and restarted tor, but it doesn't solve the
problem fully.
On 2022-04-11 06:34, li...@for-privacy.net wrote:
> On Sunday, April 10, 2022 2:04:02 AM CEST onion...@riseup.net wrote:
>> > 30 new exits at Frantec. Did you follow the AUP and send Francisco a
>> > ticket
>> > _beforehand_? Reverse DNS! Exit policy Port: 465, 587!
>> > https://buyvm.net/acceptable-use-policy/
>>
>> No, we did not pay attention to their AUP. We have long been using their
>> services for proxy and there were no problems. Thank you for reminding.
>>
>> > You only set up IPv4. At Frantek you also have IPv6 on every VM. If you
>> > need help setting it up, you can ask here and specify your OS.
>>
>> We think that IPv6 is rarely used and therefore did not put it up.
>
> The Tor project has invested a lot of time and effort into improving IPv6
> over
> the last few years. The aim is to also enable IPv6 only relays. We want to
> achieve more diversity, Tor-exit relays under different ASNs and multiple
> ISPs. With IPv4 this is difficult. IP's are empty and to get a /24 you have
> to
> pay around 5000,- EUR in the first year with RIPE. One /24 is the least you
> can announce as an ASN. You can't split that between different data centers.
> IPv6 is easier and cheaper to get. In addition, there are more and more ISPs
> that only offer IPv6.
>
> IPv6 only relays are only possible when almost all Tor relays support it.
> Currently about 75% Tor exits¹ and 50% entry/middle relays.
> https://nusenu.github.io/OrNetStats/#ipv6-relay-stats
> Therefore, anyone who can should configure IPv6 or dual stack.
>
>> Site
>> yui.cat shows that our nodes offline because not configured IPv6, right?
>
> No, yui.cat has nothing to do with it. This is a private status page using
> data from onionoo and Tor-metrics.
> First look at what's in the syslog. If you need help then post the errors and
> your torrc.
> When the Tor daemon is running without errors than as already mentioned, I
> think Francisco took you offline because your relays were blacklisted for
> open
> SMTP ports. Check if you have tickets in stallion. Or ask in the Frantech
> community chat on Discord, Matrix and IRC.
>
> ¹Heck, we've lost some IPv6 % since relayon is down. :-(
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Nickname Chive
MyFamily 9EC5083BC187C911841B1CAFAD9EE634CEB90EC4,
1030A18BAB85D2308E4FAD8A95BE456006F0,
F81C34435CA08B81105B3C77CF29EE7824652BFB,
C7D8C094D2885FBD378A6974612B04D4BE4B978C,
77D56000E85455708C5D45D2DD2D6AB32E46E4CB,
0D47B7FFDB9E0FD4913A7C38FC114533AF42EC6A,
11096F1079E442FFF76A1981F5815959C8C96B2A,
606CA0C1C7A40F7A27A233F0A32AABAA41464592,
DA54B320BFAAED7E48A7DCB90EDB11FC46B2FB65,
64CB875321E6DB7574E4BB2BB5F549494406B62D,
331CCDB53AE3DF933AE2188C03F653589E78CD7D,
2749970D0B5A0ABC4154D61C42A67C70CFAF5F6B,
824CCE7FDC4E03300AE89017CA75F1671AE46A19,
5CF33DE98C9BB2C7FEE5299F1A45439B0DB2EA73,
FCCDA0F529B950A7A2E8D6F12596918AAA7BF973,
44EFF9A121F3F3FC300FF6DE851159AFEC5541FB,
B6B968107D696AD793943350DDCD62BE362B2286,
631E0D1A7A9539C811DEE
Re: [tor-relays] Relay question
Yes, that's right. But our problem is still relevant. Please help us
solve it if you know how
On 2022-04-12 00:39, Georg Koppen wrote:
> onion...@riseup.net:
>> I found in syslog file:
>> http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
>> -- if you think this is a mistake please set a valid email address in
>> ContactInfo and send an email to bad-rel...@lists.torproject.org
>> mentioning your fingerprint(s)?") response from dirserver
>> 131.188.40.189:80. Please correct.
>> http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
>> -- if you think this is a mistake please set a valid email address in
>> ContactInfo and send an email to bad-rel...@lists.torproject.org
>> mentioning your fingerprint(s)?") response from dirserver
>> 86.59.21.38:80. Please correct.
>> http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
>> -- if you think this is a mistake please set a valid email address in
>> ContactInfo and send an email to bad-rel...@lists.torproject.org
>> mentioning your fingerprint(s)?") response from dirserver
>> 199.58.81.140:80. Please correct.
>> http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
>> -- if you think this is a mistake please set a valid email address in
>> ContactInfo and send an email to bad-rel...@lists.torproject.org
>> mentioning your fingerprint(s)?") response from dirserver
>> 154.35.175.225:80. Please correct.
>> http status 400 ("Fingerprint and/or ed25519 identity is marked rejected
>> -- if you think this is a mistake please set a valid email address in
>> ContactInfo and send an email to bad-rel...@lists.torproject.org
>> mentioning your fingerprint(s)?") response from dirserver
>> 204.13.164.118:80. Please correct.
>> Unable to find IPv6 address for ORPort 443. You might want to specify
>> IPv4Only to it or set an explicit address or set Address. [60 similar
>> message(s) suppressed in last 3540 seconds]
>>
>>
>> Torrc file attached. VPS servers are online and working.
>> I setup IPv6 on one VPS and restarted tor, but it doesn't solve the
>> problem fully.
>
> FWIW we are working on this on the bad-relays@ list.
>
> Georg
>
>>
>>
>> On 2022-04-11 06:34, li...@for-privacy.net wrote:
>>> On Sunday, April 10, 2022 2:04:02 AM CEST onion...@riseup.net wrote:
> 30 new exits at Frantec. Did you follow the AUP and send Francisco a
> ticket
> _beforehand_? Reverse DNS! Exit policy Port: 465, 587!
> https://buyvm.net/acceptable-use-policy/
No, we did not pay attention to their AUP. We have long been using their
services for proxy and there were no problems. Thank you for reminding.
> You only set up IPv4. At Frantek you also have IPv6 on every VM. If you
> need help setting it up, you can ask here and specify your OS.
We think that IPv6 is rarely used and therefore did not put it up.
>>>
>>> The Tor project has invested a lot of time and effort into improving IPv6
>>> over
>>> the last few years. The aim is to also enable IPv6 only relays. We want to
>>> achieve more diversity, Tor-exit relays under different ASNs and multiple
>>> ISPs. With IPv4 this is difficult. IP's are empty and to get a /24 you have
>>> to
>>> pay around 5000,- EUR in the first year with RIPE. One /24 is the least you
>>> can announce as an ASN. You can't split that between different data centers.
>>> IPv6 is easier and cheaper to get. In addition, there are more and more ISPs
>>> that only offer IPv6.
>>>
>>> IPv6 only relays are only possible when almost all Tor relays support it.
>>> Currently about 75% Tor exits¹ and 50% entry/middle relays.
>>> https://nusenu.github.io/OrNetStats/#ipv6-relay-stats
>>> Therefore, anyone who can should configure IPv6 or dual stack.
>>>
Site
yui.cat shows that our nodes offline because not configured IPv6, right?
>>>
>>> No, yui.cat has nothing to do with it. This is a private status page using
>>> data from onionoo and Tor-metrics.
>>> First look at what's in the syslog. If you need help then post the errors
>>> and
>>> your torrc.
>>> When the Tor daemon is running without errors than as already mentioned, I
>>> think Francisco took you offline because your relays were blacklisted for
>>> open
>>> SMTP ports. Check if you have tickets in stallion. Or ask in the Frantech
>>> community chat on Discord, Matrix and IRC.
>>>
>>> ¹Heck, we've lost some IPv6 % since relayon is down. :-(
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo
[tor-relays] Bridges configuration
Hello, the Tor community. We already run relays and we have MyFamily configured. Now we want to start bridges. Should bridges have a separate family or we need to include them into relay family? ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Another error
Hello, we tried a solution proposed by ad...@for-privacy.net (deleting
/var/lib/tor folder) but now we get another error:
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 204.13.164.118:80. Please
correct.
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 154.35.175.225:80. Please
correct.
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 199.58.81.140:80. Please
correct.
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 86.59.21.38:80. Please
correct.
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 171.25.193.9:443. Please
correct.
│ 19:41:54 [WARN] http status 400 ("Suspicious relay address range --
if you think this is a mistake please set a valid email address in
ContactInfo and send an email to
│ bad-rel...@lists.torproject.org mentioning your address(es) and
fingerprint(s)?") response from dirserver 131.188.40.189:80. Please
correct.
Please help us if you know why it happens
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
