[tor-relays] Hostname in DirAuthority config

teor teor2345 at gmail.com
Wed Feb 8 06:49:08 UTC 2017

> On 8 Feb 2017, at 02:53, Andrew Smith <me at andrewmichaelsmith.com> wrote:
> OK, thanks for the clarification and raising the ticket.
> To answer the why - for starters I'm trying to run a local tor network for fun and to learn more about tor.
> Why am I trying to put a hostname in there? Because the system I'm setting up the network in may not have static IPs. As I understand it I need to maintain a DirAuthority line with a hard coded IP for each and every directory authority I run myself. If I can use a DNS name, this will mean I end up updating the torrc with DirAuthority lines a lot less. With IPs I am forced to change every torrc in my network every time an IP changes.

This is a feature that we're unlikely to implement, because the public
Tor network doesn't want to have to trust the DNS system (it's insecure,
and blocked or modified for some clients).

We *might* accept a patch for this behind a torrc option.

> There are certainly ways around this (I could have a script populate torrc based upon DNS, for example) but it would make my life easier if I didn't have to.

You could use if all the tor instances are on the same machine.

Or if they are all on the same network, you could use a private address

If they're not, you could use a VPN or similar solution to route the
private addresses.

Any of these options require setting a few torrc options that allow
private addresses, the easiest way to do this is to set:

TestingTorNetwork 1

This also changes some other torrc options: read the man page for details.


> On 6 February 2017 at 23:10, teor <teor2345 at gmail.com> wrote:
> > On 7 Feb 2017, at 03:31, Andrew Smith <me at andrewmichaelsmith.com> wrote:
> >
> > Hi
> >
> > I'm experimenting running my own tor network. To achieve this I'm setting DirAuthority in torrc.
> >
> > But it seems that I cannot use a hostname for my DirAuthority.
> Why are you trying to do this?
> If you share your goal, we might be able to help you with a workaround
> or alternate strategy.
> For example, if you use a hostname in the "Address" field, your
> authority will look it up, add the IPv4 to its descriptor, and then
> other authorities, relays, and clients will use that address.
> (After the network has bootstrapped using the original address.)
> > For example:
> >
> > DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
> >
> > Results in the error:
> >
> > Unrecognized flag 'da1:7000' on DirAuthority line
> >
> > If I replace "da1" with an IP address there is no error. Is this expected behaviour?
> It is the implemented behaviour, and has been since at least 2006
> (tor- The code responsible is:
>   while (smartlist_len(items)) {
>     char *flag = smartlist_get(items, 0);
>     if (TOR_ISDIGIT(flag[0]))
>       break;
> Which means that only IPv4 addresses are guaranteed to work here.
> > I'm running tor v0.2.8.12. The documentation calls this an "address" (as opposed to other parts which refer to an "IP") which made me think a hostname would work.
> The "Address" torrc option takes a hostname, as do some other options
> (I think the HiddenServicePort target is another.)
> Thanks for the bug report, we'll fix the man page:
> https://trac.torproject.org/projects/tor/ticket/21405
> T
> --


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170208/d53e3ce5/attachment.sig>

More information about the tor-relays mailing list