[tor-relays] Hostname in DirAuthority config

teor teor2345 at gmail.com
Wed Feb 8 06:51:44 UTC 2017


> On 8 Feb 2017, at 04:51, Dr Gerard Bulger <gerard at bulger.co.uk> wrote:
> 
> I wonder if TOR design should now be more supportive of variable IPs and a spread of IPs for TOR exits.  I am not an IT guru.

Tor relays detect their own IP address, and can use DNS to do so.
("Address" accepts a hostname.)

The directory authorities do not, because their addresses need to be
fixed for bootstrapping.

> I gather it was thought to be good manners that the IPs of Tor exits were known to the public.  It would at least let recipients know that the originating IP could not be traced when they see that it came from a TOR exit.
> 
> Alas many services simply trawl the TOR exit node list and block the IPs accordingly for no other reason than TOR must equal bad.  BBC does this.  This means the IP gets blocked for TOR and any other service using that IP.

Yes, this is a blocking model that has a number of issues, particularly
on networks that are IPv4-address poor. Blocking should really be done
based on behaviour, not by assuming the same user uses the same address
for a single purpose.

> Now IPv6 is coming along, a TOR exit node could have a veritable range of IPs and even distribute its outputs across them.  Indeed, is it not possible for a Tor exit node (whose IP is published) to exit connections via another variable IP or range of IPs?

Yes, there is an OutboundBindAddress option for this purpose.

> From: tor-relays [mailto:tor-relays-bounces at lists.torproject.org] On Behalf Of Andrew Smith
> Sent: 07 February 2017 15:53
> To: tor-relays at lists.torproject.org
> Subject: Re: [tor-relays] Hostname in DirAuthority config
> 
> OK, thanks for the clarification and raising the ticket.
> 
> To answer the why - for starters I'm trying to run a local tor network for fun and to learn more about tor.
> 
> Why am I trying to put a hostname in there? Because the system I'm setting up the network in may not have static IPs. As I understand it I need to maintain a DirAuthority line with a hard coded IP for each and every directory authority I run myself. If I can use a DNS name, this will mean I end up updating the torrc with DirAuthority lines a lot less. With IPs I am forced to change every torrc in my network every time an IP changes.
> 
> There are certainly ways around this (I could have a script populate torrc based upon DNS, for example) but it would make my life easier if I didn't have to.
> 
> Thanks
> 
> 
> On 6 February 2017 at 23:10, teor <teor2345 at gmail.com> wrote:
>> 
>> > On 7 Feb 2017, at 03:31, Andrew Smith <me at andrewmichaelsmith.com> wrote:
>> >
>> > Hi
>> >
>> > I'm experimenting running my own tor network. To achieve this I'm setting DirAuthority in torrc.
>> >
>> > But it seems that I cannot use a hostname for my DirAuthority.
>> 
>> Why are you trying to do this?
>> If you share your goal, we might be able to help you with a workaround
>> or alternate strategy.
>> 
>> For example, if you use a hostname in the "Address" field, your
>> authority will look it up, add the IPv4 to its descriptor, and then
>> other authorities, relays, and clients will use that address.
>> (After the network has bootstrapped using the original address.)
>> 
>> > For example:
>> >
>> > DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
>> >
>> > Results in the error:
>> >
>> > Unrecognized flag 'da1:7000' on DirAuthority line
>> >
>> > If I replace "da1" with an IP address there is no error. Is this expected behaviour?
>> 
>> It is the implemented behaviour, and has been since at least 2006
>> (tor-0.1.2.2-alpha). The code responsible is:
>> 
>>   while (smartlist_len(items)) {
>>     char *flag = smartlist_get(items, 0);
>>     if (TOR_ISDIGIT(flag[0]))
>>       break;
>> 
>> Which means that only IPv4 addresses are guaranteed to work here.
>> 
>> > I'm running tor v0.2.8.12. The documentation calls this an "address" (as opposed to other parts which refer to an "IP") which made me think a hostname would work.
>> 
>> The "Address" torrc option takes a hostname, as do some other options
>> (I think the HiddenServicePort target is another.)
>> 
>> Thanks for the bug report, we'll fix the man page:
>> https://trac.torproject.org/projects/tor/ticket/21405
>> 
>> T
>> 
>> --
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> ------------------------------------------------------------------------
>> 
>> 
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> 
> 
> 
> --
> Andy Smith
> http://andrewmichaelsmith.com | @bingleybeep

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
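
The workaround mentioned in the quoted message (a script that populates torrc from DNS), as an added example that is not part of the original thread or of Tor's code. The function names, the injectable resolver, the sample torrc and addresses are constructed for illustration, and the code assumes the nickname is consumed before the flag loop quoted above runs.

```python
import socket

DIGITS = "0123456789"  # the quoted loop stops at a token starting with a digit

def resolve_ipv4(hostname):
    """First IPv4 address the system resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return infos[0][4][0]

def address_token_index(line):
    """Index of the token where flag parsing would stop, or -1 if every
    token would be read as a flag (the 'Unrecognized flag' case)."""
    tokens = line.split()
    # Assumption: "DirAuthority" and the nickname are consumed before the loop.
    for i in range(2, len(tokens)):
        if tokens[i][0] in DIGITS:
            return i
    return -1

def render_line(auth, resolver=resolve_ipv4):
    """Build one DirAuthority line in the layout shown in the thread."""
    ip = resolver(auth["host"])
    line = ("DirAuthority {nick} orport={orport} no-v2 v3ident={v3ident} "
            "{ip}:{dirport} {fp}").format(ip=ip, **auth)
    idx = address_token_index(line)
    if idx < 0 or not line.split()[idx].startswith(ip + ":"):
        raise ValueError("address token would not be recognised: " + line)
    return line

def update_torrc(text, auths, resolver=resolve_ipv4):
    """Drop existing DirAuthority lines and append freshly resolved ones."""
    kept = [l for l in text.splitlines()
            if not l.strip().lower().startswith("dirauthority ")]
    return "\n".join(kept + [render_line(a, resolver) for a in auths]) + "\n"

# Constructed sample data; "xxx" placeholders are as given in the thread.
SAMPLE_AUTHS = [{"nick": "da1", "host": "da1", "orport": 7000,
                 "dirport": 7000, "v3ident": "xxx", "fp": "xxx"}]
SAMPLE_TORRC = ("DataDirectory /var/lib/tor\n"
                "DirAuthority da1 orport=7000 no-v2 v3ident=xxx 10.0.0.5:7000 xxx\n")

if __name__ == "__main__":
    # Fixed resolver so the demo runs offline; drop it to use real DNS.
    print(update_torrc(SAMPLE_TORRC, SAMPLE_AUTHS, lambda h: "10.0.0.9"), end="")
```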