DNS DDoS via multiple exit relays causing performance issues?


I’ve never observed this before, and want to ask if anyone has experienced this themselves. On a few exit nodes, I have the issue that unbound suddenly goes to a sustained 100% CPU usage. It’s killing my relay bandwidth and DNS performance (normal circuits / users are not able to resolve anymore). A restart of the service solves it, but sometimes the issue returns. The only reasonable explanation I’ve been able to come up with is that someone is using my relays to perform DNS-based DDoS attacks. Is this really a plausible scenario? I don’t have any custom unbound config, it’s just install and go.

Hello, yes, some exit operators reported that issue last year.
You may find this project by Artikel10 useful:

From tor-relays mailing list:
