[tor-bugs] #32128 [Internal Services/Tor Sysadmin Team]: Point DNS for snowflake-broker.torproject.net at the new broker set up in #29258
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 17 18:34:48 UTC 2019
#32128: Point DNS for snowflake-broker.torproject.net at the new broker set up in
#29258
-------------------------------------------------+-------------------------
Reporter: dcf | Owner: tpa
Type: task | Status: new
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin | Version:
Team |
Severity: Normal | Keywords: snowflake
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
Please point the DNS name snowflake-broker.torproject.net at the two IP
addresses:
{{{
37.218.245.111
2a00:c6c0:0:154:4:d8aa:b4e6:c89f
}}}
There is a PGP-signed statement of those addresses at
https://lists.torproject.org/pipermail/anti-censorship-
team/2019-October/000040.html.
In comment:11:ticket:29258, we set up a new Snowflake broker that has an
IPv6 address. At [http://meetbot.debian.net/tor-meeting/2019/tor-
meeting.2019-10-17-16.59.log.html today's anti-censorship meeting] we
decided to test it by first pointing the (currently unused) snowflake-
broker.torproject.net DNS at it.
{{{
17:07:37 <dcf1> I've set up a new broker and documented the installation
instructions.
17:07:54 <dcf1>
https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:08:20 <dcf1> Figners crossed, I think all that's needed to start using
it is to update some DNS records.
17:08:36 <dcf1> But perhpas we should do a smaller-scale test first.
17:09:41 <dcf1> One option is we give the new broker a hostname different
than the snowflake-broker ones already in use; that way we can test it
ourselves.
17:09:59 <cohosh> we have 3 different broker domains already
17:10:02 <dcf1> Another option is to only set up AAAA records now, so that
IPv4 traffic goes to the old broker and IPv6 traffic goes to the new.
17:10:05 <cohosh> bamsoftware, freehaven, and tp.net
17:10:25 <dcf1> Yeah and freehaven is a CNAME to bamsoftware, so really we
only need to update bamsoftware and torproject.
17:10:39 <cohosh> we could switch tp.net first and test with that
17:10:54 <cohosh> since freehaven/bamsoftware is the deployed one
17:11:04 <cohosh> we haven't deployed tp.net in the client or proxies yet
17:11:24 <dcf1> Yeah I guess you're right.
17:11:24 <cohosh> due to concerns that some places (like the UK) are good
places for proxies but may block tor project domains
17:11:54 <dcf1> And I guess that snowflake-broker.azureedge.net still
points to the bamsoftware one, though I would have to check to be sure.
17:12:19 <dcf1> Okay, that's a good idea cohosh. We need to ask someone to
update the torproject.net names to the IP addresses mentioned in the
ticket.
17:13:14 <dcf1> Then we ourselves can test using the client with `-url
https://snowflake-broker.torproject.net/' and proxy-go with `-broker https
://snowflake-broker.torproject.net/`
}}}
anarcat originally set up the snowflake-broker.torproject.net domain at
comment:13:ticket:31232.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32128>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list