Frederic Jacobs transcribed 3.9K bytes:
Hello Tor-Dev,
When opening Tor browser today, I opened check.torproject.org http://check.torproject.org/ and got a really confusing message https://www.fredericjacobs.com/blog/img/tor/ipv6TorCheck.png.
My assumption is that the circuit had an exit node that had (possibly multiple) IPv6-enabled, in addition to it’s IPv4. When the exit node connected to the exit node, it did so over IPv6 since check.torproject.org http://check.torproject.org/ has IPv6 addresses.
~ ❯❯❯ host check.torproject.org check.torproject.org is an alias for chiwui.torproject.org. chiwui.torproject.org has address 138.201.14.212 chiwui.torproject.org has IPv6 address 2a01:4f8:172:1b46::abba:20:1
That’s a scary warning to get in Tor browser. Any reason chiwui.torproject.org http://chiwui.torproject.org/ has an IPv6 address? Can it be disabled to avoid having people (unnecessarily) freaking out over this warning?
Thoughts?
Best,
Frederic
Hello Frederic,
That's indeed a scary warning. Removing the AAAA record for check.tpo is probably the sanest short-term solution.
Long term solutions include:
- Patching TorDNSEL [0] to add support for IPv6 addresses. This probably requires somewhat of a complete overhaul of TorDNSEL, because: 1) most of us don't speak Haskell 2) it's ancient Haskell 3) the DNSBL was designed to handle queries like 1.0.0.10.80.4.3.2.1.ip-port.exitlist.example.com.
- Patching Check [1] to use server descriptors (rather than networkstatus documents) and to additionally (in the Stem script) pull IPv6 addresses from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.
Both of those codebases need someone to love them, and contributions from volunteers feeling so inspired are highly welcome. A ticket for this is #19843, [2] although another ticket could be made since that one seems to be reporting multiple issues (and some of which are not bugs).
Thanks for pointing this out!
[0]: https://gitweb.torproject.org/tordnsel.git/ [1]: https://gitweb.torproject.org/check.git/ [2]: https://trac.torproject.org/projects/tor/ticket/19843
Best regards,