[tor-relays] Hostname in DirAuthority config

Andrew Smith me at andrewmichaelsmith.com
Thu Feb 9 10:11:50 UTC 2017 

Thanks for the clarification, I've managed to get it going with a few
scripts to edit my torrc on start.

On 8 February 2017 at 06:49, teor <teor2345 at gmail.com> wrote:

>
> > On 8 Feb 2017, at 02:53, Andrew Smith <me at andrewmichaelsmith.com> wrote:
> >
> > OK, thanks for the clarification and raising the ticket.
> >
> > To answer the why - for starters I'm trying to run a local tor network
> for fun and to learn more about tor.
> >
> > Why am I trying to put a hostname in there? Because the system I'm
> setting up the network in may not have static IPs. As I understand it I
> need to maintain a DirAuthority line with a hard coded IP for each and
> every directory authority I run myself. If I can use a DNS name, this will
> mean I end up updating the torrc with DirAuthority lines a lot less. With
> IPs I am forced to change every torrc in my network every time an IP
> changes.
>
> This is a feature that we're unlikely to implement, because the public
> Tor network doesn't want to have to trust the DNS system (it's insecure,
> and blocked or modified for some clients).
>
> We *might* accept a patch for this behind a torrc option.
>
> > There are certainly ways around this (I could have a script populate
> torrc based upon DNS, for example) but it would make my life easier if I
> didn't have to.
>
> You could use 127.0.0.1 if all the tor instances are on the same machine.
>
> Or if they are all on the same network, you could use a private address
> range.
>
> If they're not, you could use a VPN or similar solution to route the
> private addresses.
>
> Any of these options require setting a few torrc options that allow
> private addresses, the easiest way to do this is to set:
>
> TestingTorNetwork 1
>
> This also changes some other torrc options: read the man page for details.
>
> Tim
>
> > On 6 February 2017 at 23:10, teor <teor2345 at gmail.com> wrote:
> >
> > > On 7 Feb 2017, at 03:31, Andrew Smith <me at andrewmichaelsmith.com>
> wrote:
> > >
> > > Hi
> > >
> > > I'm experimenting running my own tor network. To achieve this I'm
> setting DirAuthority in torrc.
> > >
> > > But it seems that I cannot use a hostname for my DirAuthority.
> >
> > Why are you trying to do this?
> > If you share your goal, we might be able to help you with a workaround
> > or alternate strategy.
> >
> > For example, if you use a hostname in the "Address" field, your
> > authority will look it up, add the IPv4 to its descriptor, and then
> > other authorities, relays, and clients will use that address.
> > (After the network has bootstrapped using the original address.)
> >
> > > For example:
> > >
> > > DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
> > >
> > > Results in the error:
> > >
> > > Unrecognized flag 'da1:7000' on DirAuthority line
> > >
> > > If I replace "da1" with an IP address there is no error. Is this
> expected behaviour?
> >
> > It is the implemented behaviour, and has been since at least 2006
> > (tor-0.1.2.2-alpha). The code responsible is:
> >
> >   while (smartlist_len(items)) {
> >     char *flag = smartlist_get(items, 0);
> >     if (TOR_ISDIGIT(flag[0]))
> >       break;
> >
> > Which means that only IPv4 addresses are guaranteed to work here.
> >
> > > I'm running tor v0.2.8.12. The documentation calls this an "address"
> (as opposed to other parts which refer to an "IP") which made me think a
> hostname would work.
> >
> > The "Address" torrc option takes a hostname, as do some other options
> > (I think the HiddenServicePort target is another.)
> >
> > Thanks for the bug report, we'll fix the man page:
> > https://trac.torproject.org/projects/tor/ticket/21405
> >
> > T
> >
> > --
>
> T
>
> --
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
> ricochet:ekmygaiu4rzgsk6n
> xmpp: teor at torproject dot org
> ------------------------------------------------------------------------
>
>
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>


-- 
Andy Smith
http://andrewmichaelsmith.com | @bingleybeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170209/b3d34eb5/attachment.html>

More information about the tor-relays mailing list