[tor-relays] Hostname in DirAuthority config

Dr Gerard Bulger gerard at bulger.co.uk
Tue Feb 7 17:51:56 UTC 2017


I wonder if TOR design should now be more supportive of variable IPs and a spread of IPs for TOR exits. I am not an IT guru.

I gather it was thought to be good manners that the IPs of Tor exits were known to the public. It would at least let recipients know that the originating IP could not be traced when they see that it came from a TOR exit.

Alas, many services simply trawl the TOR exit node list and block the IPs accordingly for no other reason than TOR must equal bad. BBC does this. This means the IP gets blocked for TOR and any other service using that IP.

Now that IPv6 is coming along, a TOR exit node could have a veritable range of IPs and even distribute its outputs across them. Indeed, is it not possible for a tor exit node (whose IP is published) to exit connections via another variable IP or range of IPs?

Gerry

From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf Of Andrew Smith
Sent: 07 February 2017 15:53
To: tor-relays at lists.torproject.org
Subject: Re: [tor-relays] Hostname in DirAuthority config

 

OK, thanks for the clarification and raising the ticket.

To answer the why - for starters I'm trying to run a local tor network for fun and to learn more about tor.

Why am I trying to put a hostname in there? Because the system I'm setting up the network in may not have static IPs. As I understand it I need to maintain a DirAuthority line with a hard coded IP for each and every directory authority I run myself. If I can use a DNS name, this will mean I end up updating the torrc with DirAuthority lines a lot less. With IPs I am forced to change every torrc in my network every time an IP changes.

There are certainly ways around this (I could have a script populate torrc based upon DNS, for example) but it would make my life easier if I didn't have to.

Thanks

On 6 February 2017 at 23:10, teor <teor2345 at gmail.com> wrote:

> On 7 Feb 2017, at 03:31, Andrew Smith <me at andrewmichaelsmith.com> wrote:
>
> Hi
>
> I'm experimenting running my own tor network. To achieve this I'm setting DirAuthority in torrc.
>
> But it seems that I cannot use a hostname for my DirAuthority.

Why are you trying to do this?
If you share your goal, we might be able to help you with a workaround
or alternate strategy.

For example, if you use a hostname in the "Address" field, your
authority will look it up, add the IPv4 to its descriptor, and then
other authorities, relays, and clients will use that address.
(After the network has bootstrapped using the original address.)

> For example:
>
> DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
>
> Results in the error:
>
> Unrecognized flag 'da1:7000' on DirAuthority line
>
> If I replace "da1" with an IP address there is no error. Is this expected behaviour?

It is the implemented behaviour, and has been since at least 2006
(tor-0.1.2.2-alpha). The code responsible is:

  while (smartlist_len(items)) {
    char *flag = smartlist_get(items, 0);
    if (TOR_ISDIGIT(flag[0]))
      break;

Which means that only IPv4 addresses are guaranteed to work here.

> I'm running tor v0.2.8.12. The documentation calls this an "address" (as opposed to other parts which refer to an "IP") which made me think a hostname would work.

The "Address" torrc option takes a hostname, as do some other options
(I think the HiddenServicePort target is another.)

Thanks for the bug report, we'll fix the man page:
https://trac.torproject.org/projects/tor/ticket/21405

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

-- 

Andy Smith

http://andrewmichaelsmith.com | @bingleybeep
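The workaround mentioned in the thread (a script that populates torrc from DNS), as an added example; it is not code from the thread or from the Tor project. The function names are hypothetical, the address field is assumed to be the first `host:port` token that contains no `=`, and only IPv4 is written, in line with the reply that only IPv4 addresses are guaranteed to work on a DirAuthority line.

```python
import ipaddress
import re
import socket

# Assumption: the address field is host:port with no '=' in it. Flags such as
# orport=7000 or v3ident=... always carry one, and fingerprints contain no ':'.
ADDR_RE = re.compile(r"^([^=:\[\]]+):(\d{1,5})$")

def resolve_ipv4(host):
    """Default resolver: first IPv4 address returned by the system resolver."""
    return socket.getaddrinfo(host, None, socket.AF_INET)[0][4][0]

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def pin_dirauthority(line, resolver=resolve_ipv4):
    """Replace a hostname in a DirAuthority address field with its IPv4 address."""
    tokens = line.split()
    if not tokens or tokens[0].lower() != "dirauthority":
        return line  # comments and other options pass through untouched
    for i, tok in enumerate(tokens[1:], start=1):
        m = ADDR_RE.match(tok)
        if not m:
            continue
        host, port = m.groups()
        if is_ipv4(host):
            return line  # already in the form the parser accepts
        ip = resolver(host)
        if not is_ipv4(ip):  # never write unvalidated resolver output to torrc
            raise ValueError(f"resolver returned {ip!r} for {host!r}")
        tokens[i] = f"{ip}:{port}"
        return " ".join(tokens)
    raise ValueError(f"no address:port field in {line!r}")

def pin_torrc(text, resolver=resolve_ipv4):
    """Apply pin_dirauthority to every line of a torrc template."""
    return "\n".join(pin_dirauthority(l, resolver) for l in text.splitlines())

if __name__ == "__main__":
    # Constructed sample: the line from the thread and a fake resolver (192.0.2.0/24 is documentation space).
    sample = "DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx"
    print(pin_dirauthority(sample, {"da1": "192.0.2.10"}.__getitem__))
```

Run it over a template torrc and write the result to the file tor reads, so the hostname-bearing template is the only file that has to be maintained by hand.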
