Foundation for Applied Privacy (@applied_privacy)'s Twitter Profile
Foundation for Applied Privacy

@applied_privacy

Non-profit Privacy Infrastructure Provider (AS208323)

@[email protected]

ID: 930477137508880386

https://applied-privacy.net/
14-11-2017 16:46:51

231 Tweets

408 Followers

0 Following


We had an outage of our encrypted DNS resolver service today between 2022-10-14 01:16:51 and 08:22:42 UTC. We will follow up with a short post-mortem write up and how we will prevent this particular root cause in the future.


We have a better understanding of the Tor exit CPU load issue now: when load increases, the rate of incoming OR connections also increases significantly while the number of total open incoming OR connections decreases. This is especially bad on systems with multiple tor processes.


we are making some progress in dealing with the CPU load on our tor exit relays, but we are well aware that under the current circumstances this is a losing battle. Anyway, our server hasn't seen such a low system load for a while... since 23:00 we are testing some new defenses


Thank you powerdns for your generous bug bounty reward (2300€) for reporting a weakness in PowerDNS Recursor 4.8.0 CVE-2023-22617 blog.powerdns.com/2023/01/20/sec…


Unusually high new outbound connection rates at our tor exits forced us to shut down two tor instances due to CPU load. High outbound connection rates are actually hard to defend if it isn't a single destination IP because current tor doesn't provide any mitigating options.


Our DNS provider deSEC got DDoSed again.. they significantly improved their communications. We are pledging 100€ towards their AXFR support so we can add redundancy. Please consider supporting them as well if you use their services. github.com/desec-io/desec…


according to the snowflake proxy IP lists by github.com/scriptzteam/To… the second largest snowflake proxy population is inside Iran? Is The Tor Project also distributing them to users?
DE: 259k snowflake proxy IPs
IR: 212k
US: 45k
...
CN: 3k


Are there any legitimate reasons why default tor clients would directly connect to non-guard exit relays? We are collecting such corner cases. If there are no known reasons we might have an easier time dealing with the ongoing CPU load on our tor exit relays.


We see unusually high DNS timeout rates on our tor exit relays since 2024-03-31 and we confirmed this is not a local issue by comparing graphs with a fellow large scale tor exit relay operator. Make sure to have a look at tor_relay_exit_dns_error_total{reason="tor_timeout"}


Important announcement for our DNS over HTTPS service users: We will stop supporting HTTP/1.1 DoH requests soon and support HTTP/2 DoH requests only. Expect this to happen as soon as dnsdist version 1.9.3 reaches FreeBSD package repos.