[tor-relays] DDNS with Relays and/or Bridges?

Roger Dingledine arma at torproject.org
Sun Oct 20 08:26:31 UTC 2019


On Sat, Oct 19, 2019 at 04:57:00PM +0000, nottryingtobelame at protonmail.com wrote:
> can DDNS be used with either relays or bridges?

Yes, you can set your "Address" torrc option to be your dynamic dns name,
and Tor will resolve that name to learn its current IP address.

> I was considering setting up DDNS with FreeDNS mostly for my bridge so that if the IP changes (I have chosen not to subscribe to a static IP with my ISP), my clients can still access the bridge

Alas, this part isn't implemented -- or rather, is no longer
implemented. Tor clients used to be able to use hostnames, not just IP
addresses, in their bridge lines, but in Tor 0.2.5.4-alpha we removed
that feature:
https://bugs.torproject.org/10801
The concern was that a local adversary could lie in response to the DNS
query and send the user off to somewhere else for their bridge.

I still think the feature was a net win, because it gave a big usability
boost and the risks weren't so bad. (You can still use IP addresses
that won't do a resolve, if you're concerned about your DNS resolver
sending you to the wrong place; and you can specify a required identity
fingerprint for your bridge, reducing the damage from mitm or forgery
attempts.)

But here we are.

> If DDNS can be used, my follow-up question is where all would I need to set that information? I'm guessing just in torrc? I do not remember the flag for identifying your IP, as I've always left it blank for Tor to guess, but could the DDNS hostname be entered here in lieu of the IP?

Put it in your Address line.

But it isn't usually needed anymore, since Tor is pretty good at guessing
your address, and the Address line is only used to help Tor decide what
IP address to write in your bridge or relay descriptor.

So my recommendation would be: if the guessing is going wrong somehow
(like if your computer has multiple public IP addresses and Tor is picking
the one you didn't want it to use), set Address. But if the guessing is
working, let it guess.

--Roger
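
Added example, not part of Roger's message and not Tor's own code: because client bridge lines must now carry an IP literal, this sketch turns a DDNS name into torrc `Bridge` lines with the identity fingerprint pinned, as the message suggests. The hostname, port, fingerprint, sample addresses and the helper names `resolve_all` and `bridge_lines` are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

FPR_RE = re.compile(r"^[0-9A-Fa-f]{40}$")  # identity fingerprint: 40 hex characters

# Address space where a publicly reachable bridge cannot live.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def resolve_all(hostname):
    """Ask the local resolver for every address of hostname (untrusted answer)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def bridge_lines(hostname, or_port, fingerprint, resolver=resolve_all):
    """Return torrc Bridge lines: IP literal, ORPort and pinned fingerprint."""
    fpr = fingerprint.replace(" ", "")
    if not FPR_RE.match(fpr):
        raise ValueError("fingerprint must be 40 hex characters")
    if not 0 < or_port < 65536:
        raise ValueError("ORPort out of range")
    lines = []
    for text in resolver(hostname):
        ip = ipaddress.ip_address(text)
        if any(ip in net for net in NON_PUBLIC):
            continue  # cannot be the bridge; skip rather than write it to torrc
        host = f"[{ip}]" if ip.version == 6 else str(ip)
        lines.append(f"Bridge {host}:{or_port} {fpr.upper()}")
    if not lines:
        raise ValueError(f"no usable public address for {hostname}")
    return lines

if __name__ == "__main__":
    # Constructed resolver answer and fingerprint so the demo runs offline.
    sample = lambda name: ["203.0.113.7", "192.168.1.10", "2001:db8::1"]
    for line in bridge_lines("mybridge.example.net", 443,
                             "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567",
                             resolver=sample):
        print(line)
```

The address filter only discards answers that could never be the bridge; the pinned fingerprint is what limits the damage if the resolver's answer was forged.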


