Opened 7 years ago

Closed 7 years ago

#6115 closed defect (worksforme)

Trouble with DNS & HTTP-Everywhere?

Reported by: tmpname0901 Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Seems like a lot of DNS refusals to eff.org. Could this be the result of a misconfiguration in HTTP Everywhere?

See below for the last month of exit node traffic.


# grep "connection refused" /var/named/chroot/var/log/lame.log* | awk '{print $8}' | sort -f | uniq -i -d -c | sort -n | tail -n 10

287 'hostyourpIC.in/A/IN':
295 'surya.addtoiT.com/A/IN':
317 'ns4.offshoredns.co/A/IN':
453 'swiftsrv20.com/A/IN':
618 'www.yikuai.Com/A/IN':

1483 'observatory5.eff.org/A/IN':
1503 'observatory.eFF.oRG/A/IN':
1646 'www.eff.org/A/IN':
1687 'web6.eff.org/A/IN':
1858 'ns6.efF.orG/A/IN':

Child Tickets

Change History (3)

comment:1 Changed 7 years ago by pde

It is normal for browsers with HTTPS Everywhere to connect to www.eff.org (which is currently web6.eff.org) on a daily/weekly basis to check for updates to the extension.  I think we had some outages in the last week, which might explain a number of failed connections, but the number succeeding should be _much_ larger than the number failing.

observatory.eff.org/observatory5.eff.org connections should also be common for users who have enabled the Decentralized SSL Observatory.  I don't know why any of those connections should be refused.

Is there any way that you can compare to the number of successful connections to those hosts?

comment:2 Changed 7 years ago by pde

If not, maybe you could check to see if those failed connections were all during short periods of time? That would be a reassuring result.

comment:3 Changed 7 years ago by pde

Resolution: worksforme
Status: newclosed

Closing this for now, please reopen if you see this again.

Note: See TracTickets for help on using tickets.