[tor-dev] Not enabling IPv6 on check.torproject.org?

isis agora lovecruft isis at torproject.org
Thu Aug 18 11:13:08 UTC 2016 

Frederic Jacobs transcribed 3.9K bytes:
> Hello Tor-Dev,
> 
> When opening Tor browser today, I opened check.torproject.org
> <http://check.torproject.org/> and got a really confusing message
> <https://www.fredericjacobs.com/blog/img/tor/ipv6TorCheck.png>.
>
> My assumption is that the circuit had an exit node that had (possibly
> multiple) IPv6-enabled, in addition to it’s IPv4. When the exit node
> connected to the exit node, it did so over IPv6 since check.torproject.org
> <http://check.torproject.org/> has IPv6 addresses.
>
> ~ ❯❯❯ host check.torproject.org
> check.torproject.org is an alias for chiwui.torproject.org.
> chiwui.torproject.org has address 138.201.14.212
> chiwui.torproject.org has IPv6 address 2a01:4f8:172:1b46::abba:20:1
> 
> That’s a scary warning to get in Tor browser. Any reason
> chiwui.torproject.org <http://chiwui.torproject.org/> has an IPv6 address?
> Can it be disabled to avoid having people (unnecessarily) freaking out over
> this warning?
>
> Thoughts?
> 
> Best,
> 
> Frederic 

Hello Frederic,

That's indeed a scary warning.  Removing the AAAA record for check.tpo is
probably the sanest short-term solution.

Long term solutions include:

 - Patching TorDNSEL [0] to add support for IPv6 addresses.  This probably
   requires somewhat of a complete overhaul of TorDNSEL, because:
     1) most of us don't speak Haskell
     2) it's ancient Haskell
     3) the DNSBL was designed to handle queries like
        1.0.0.10.80.4.3.2.1.ip-port.exitlist.example.com.

 - Patching Check [1] to use server descriptors (rather than networkstatus
   documents) and to additionally (in the Stem script) pull IPv6 addresses
   from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.

Both of those codebases need someone to love them, and contributions from
volunteers feeling so inspired are highly welcome.  A ticket for this is
#19843, [2] although another ticket could be made since that one seems to be
reporting multiple issues (and some of which are not bugs).

Thanks for pointing this out!

[0]: https://gitweb.torproject.org/tordnsel.git/
[1]: https://gitweb.torproject.org/check.git/
[2]: https://trac.torproject.org/projects/tor/ticket/19843

Best regards,
-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160818/af4ff0df/attachment.sig>

More information about the tor-dev mailing list