[tor-relays] Hostname in DirAuthority config

teor teor2345 at gmail.com
Wed Feb 8 06:49:08 UTC 2017


> On 8 Feb 2017, at 02:53, Andrew Smith <me at andrewmichaelsmith.com> wrote:
> 
> OK, thanks for the clarification and raising the ticket.
> 
> To answer the why - for starters I'm trying to run a local tor network for fun and to learn more about tor.
> 
> Why am I trying to put a hostname in there? Because the system I'm setting up the network in may not have static IPs. As I understand it I need to maintain a DirAuthority line with a hard coded IP for each and every directory authority I run myself. If I can use a DNS name, this will mean I end up updating the torrc with DirAuthority lines a lot less. With IPs I am forced to change every torrc in my network every time an IP changes.

This is a feature that we're unlikely to implement, because the public
Tor network doesn't want to have to trust the DNS system (it's insecure,
and blocked or modified for some clients).

We *might* accept a patch for this behind a torrc option.

> There are certainly ways around this (I could have a script populate torrc based upon DNS, for example) but it would make my life easier if I didn't have to.

You could use 127.0.0.1 if all the tor instances are on the same machine.

Or if they are all on the same network, you could use a private address
range.

If they're not, you could use a VPN or similar solution to route the
private addresses.

Any of these options require setting a few torrc options that allow
private addresses. The easiest way to do this is to set:

TestingTorNetwork 1

This also changes some other torrc options: read the man page for details.

Tim

> On 6 February 2017 at 23:10, teor <teor2345 at gmail.com> wrote:
> 
> > On 7 Feb 2017, at 03:31, Andrew Smith <me at andrewmichaelsmith.com> wrote:
> >
> > Hi
> >
> > I'm experimenting running my own tor network. To achieve this I'm setting DirAuthority in torrc.
> >
> > But it seems that I cannot use a hostname for my DirAuthority.
> 
> Why are you trying to do this?
> If you share your goal, we might be able to help you with a workaround
> or alternate strategy.
> 
> For example, if you use a hostname in the "Address" field, your
> authority will look it up, add the IPv4 to its descriptor, and then
> other authorities, relays, and clients will use that address.
> (After the network has bootstrapped using the original address.)
> 
> > For example:
> >
> > DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
> >
> > Results in the error:
> >
> > Unrecognized flag 'da1:7000' on DirAuthority line
> >
> > If I replace "da1" with an IP address there is no error. Is this expected behaviour?
> 
> It is the implemented behaviour, and has been since at least 2006
> (tor-0.1.2.2-alpha). The code responsible is:
> 
>   while (smartlist_len(items)) {
>     char *flag = smartlist_get(items, 0);
>     if (TOR_ISDIGIT(flag[0]))
>       break;
> 
> Which means that only IPv4 addresses are guaranteed to work here.
> 
> > I'm running tor v0.2.8.12. The documentation calls this an "address" (as opposed to other parts which refer to an "IP") which made me think a hostname would work.
> 
> The "Address" torrc option takes a hostname, as do some other options
> (I think the HiddenServicePort target is another.)
> 
> Thanks for the bug report, we'll fix the man page:
> https://trac.torproject.org/projects/tor/ticket/21405
> 
> T
> 
> --

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
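
The workaround mentioned in the thread (a script that populates torrc from DNS), sketched as an added example that is not part of the original messages or of tor's own code. It resolves the hostname once, at generation time, and writes an IPv4 literal so the address token begins with a digit as the quoted parser loop requires. The function names, the rule for spotting the host:port token, and the 10.0.0.11 address are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed template: the DirAuthority line from the thread, hostname still in place.
SAMPLE_TEMPLATE = """TestingTorNetwork 1
DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx"""

def resolve_ipv4(host):
    """Return the single IPv4 address for host; refuse missing or ambiguous answers."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    addrs = sorted({info[4][0] for info in infos})
    if len(addrs) != 1:
        raise ValueError(f"{host}: expected exactly one IPv4 address, got {addrs}")
    return addrs[0]

def pin_dirauthority(line, resolver=resolve_ipv4):
    """Rewrite one DirAuthority line so its host:port token becomes IPv4:port."""
    tokens = line.split()
    out, pinned = tokens[:1], False
    for tok in tokens[1:]:
        host, sep, port = tok.rpartition(":")
        # Assumed heuristic: the address is the first token shaped like
        # host:port that is not a key=value flag such as orport=7000.
        if not pinned and sep and "=" not in tok and port.isdigit():
            try:
                ip = ipaddress.IPv4Address(host)            # already a literal
            except ValueError:
                ip = ipaddress.IPv4Address(resolver(host))  # validate the answer
            tok, pinned = f"{ip}:{port}", True
        out.append(tok)
    if not pinned:
        raise ValueError(f"no host:port token in: {line!r}")
    return " ".join(out)

def render_torrc(template, resolver=resolve_ipv4):
    """Pin every DirAuthority line; any failure raises before output exists."""
    rendered = []
    for line in template.splitlines():
        if line.split()[:1] == ["DirAuthority"]:
            line = pin_dirauthority(line, resolver)
        rendered.append(line)
    return "\n".join(rendered)

if __name__ == "__main__":
    # Constructed resolver standing in for DNS so the demo runs offline.
    print(render_torrc(SAMPLE_TEMPLATE, {"da1": "10.0.0.11"}.__getitem__))
```

Because resolution happens when the file is generated, tor itself never performs a DNS lookup for an authority; the file has to be regenerated and tor reloaded when an address changes.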