Forgive me if this is a dumb or newbie question, but can DDNS be used with either relays or bridges? I was considering setting up DDNS with FreeDNS mostly for my bridge so that if the IP changes (I have chosen not to subscribe to a static IP with my ISP), my clients can still access the bridge, rather than having to reset and start the bridge from scratch. Obviously I would not make it "torbridge.anonymousnetwork.com" or anything that would suggest its true use. Maybe something like "photoserver.whatever.com" or something like that.
If DDNS can be used, my follow-up question is where all would I need to set that information? I'm guessing just in torrc? I do not remember the flag for identifying your IP, as I've always left it blank for Tor to guess, but could the DDNS hostname be entered here in lieu of the IP?
Thanks for your time.
On Sat, Oct 19, 2019 at 04:57:00PM +0000, nottryingtobelame@protonmail.com wrote:
> Forgive me if this is a dumb or newbie question, but can DDNS be used with either relays or bridges?
No. Bridges and relays are recorded in the directory by IP address, not hostname.
- Matt
On Sat, Oct 19, 2019 at 04:57:00PM +0000, nottryingtobelame@protonmail.com wrote:
> can DDNS be used with either relays or bridges?
Yes, you can set your "Address" torrc option to be your dynamic dns name, and Tor will resolve that name to learn its current IP address.
> I was considering setting up DDNS with FreeDNS mostly for my bridge so that if the IP changes (I have chosen not to subscribe to a static IP with my ISP), my clients can still access the bridge
Alas, this part isn't implemented -- or rather, is no longer implemented. Tor clients used to be able to use hostnames, not just IP addresses, in their bridge lines, but in Tor 0.2.5.4-alpha we removed that feature: https://bugs.torproject.org/10801
The concern was that a local adversary could lie in response to the DNS query and send the user off to somewhere else for their bridge.
I still think the feature was a net win, because it gave a big usability boost and the risks weren't so bad. (You can still use IP addresses that won't do a resolve, if you're concerned about your DNS resolver sending you to the wrong place; and you can specify a required identity fingerprint for your bridge, reducing the damage from mitm or forgery attempts.)
But here we are.
> If DDNS can be used, my follow-up question is where all would I need to set that information? I'm guessing just in torrc? I do not remember the flag for identifying your IP, as I've always left it blank for Tor to guess, but could the DDNS hostname be entered here in lieu of the IP?
Put it in your Address line.
But it isn't usually needed anymore, since Tor is pretty good at guessing your address, and the Address line is only used to help Tor decide what IP address to write in your bridge or relay descriptor.
So my recommendation would be: if the guessing is going wrong somehow (like if your computer has multiple public IP addresses and Tor is picking the one you didn't want it to use), set Address. But if the guessing is working, let it guess.
--Roger
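An added example, not part of the thread and not Tor's own code: a small Python check for client-side Bridge lines that flags the two points discussed above, a hostname where an IP literal is now required and a missing identity fingerprint. The function names, finding labels and sample lines are constructed for illustration, and the `Bridge [transport] IP:ORPort [fingerprint]` layout is assumed from the torrc manual.

```python
import ipaddress
import re

FINGERPRINT = re.compile(r"^[0-9A-Fa-f]{40}$")  # hex-encoded relay identity

def split_hostport(token):
    """Split 'host:port' or '[v6]:port'; return (host, port) or None."""
    m = re.match(r"^\[(.+)\]:(\d+)$", token) or re.match(r"^([^:\[\]]+):(\d+)$", token)
    if not m or not 0 < int(m.group(2)) < 65536:
        return None
    return m.group(1), int(m.group(2))

def lint_bridge_line(line):
    """Return a list of findings for one client-side Bridge line."""
    tokens = line.split()
    if tokens and tokens[0].lower() == "bridge":
        tokens = tokens[1:]
    # An optional pluggable-transport name (assumed layout) precedes the address.
    if tokens and split_hostport(tokens[0]) is None:
        tokens = tokens[1:]
    if not tokens or split_hostport(tokens[0]) is None:
        return ["no-address"]
    host, _port = split_hostport(tokens[0])
    findings = []
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Would need a DNS lookup; clients stopped accepting this in 0.2.5.4-alpha.
        findings.append("hostname")
    if not any(FINGERPRINT.match(t) for t in tokens[1:]):
        # Without a pinned identity the client cannot tell a forged bridge apart.
        findings.append("no-fingerprint")
    return findings

# Constructed sample lines (documentation addresses, made-up fingerprint).
SAMPLE_FP = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLES = [
    "Bridge photoserver.example.com:443",
    "Bridge 192.0.2.10:443",
    "Bridge 192.0.2.10:443 " + SAMPLE_FP,
    "Bridge obfs4 [2001:db8::10]:443 " + SAMPLE_FP,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_bridge_line(sample) or "ok")
```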
tor-relays@lists.torproject.org