> On 8 Feb 2017, at 04:51, Dr Gerard Bulger <ger...@bulger.co.uk> wrote:
> 
> I wonder if TOR design should now be more supportive of variable IPs and a 
> spread of IPs for TOR exits.  I am not an IT guru.

Tor relays detect their own IP address, and can use DNS to do so.
("Address" accepts a hostname.)

The directory authorities do not, because their addresses need to be
fixed for bootstrapping.

> I gather it was thought to be good manners that the IP of Tor exits were 
> known to the public.  It would at least let recipients know that the 
> originating IP could not be traced when they see that it came from a TOR exit.
> 
> Alas many services simply trawl the TOR exit node list and block the IPs 
> accordingly for no other reason than TOR must equal bad.  BBC does this.  
> This means the IP gets blocked for TOR and any other service using that IP.

Yes, this is a blocking model that has a number of issues, particularly
on networks that are IPv4-address poor. Blocking should really be done
based on behaviour, not by assuming the same user uses the same address
for a single purpose.

> Now IPv6 is coming along, a TOR exit node could have a veritable range of IPs 
> and even distribute its outputs across them.  Indeed, is it not possible for a 
> tor exit node (whose IP is published) to exit connections via another variable 
> IP or range of IPs?

Yes, there is an OutboundBindAddress option for this purpose.

> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf 
> Of Andrew Smith
> Sent: 07 February 2017 15:53
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Hostname in DirAuthority config
> 
> OK, thanks for the clarification and raising the ticket.
> 
> To answer the why - for starters I'm trying to run a local tor network for 
> fun and to learn more about tor.
> 
> Why am I trying to put a hostname in there? Because the system I'm setting up 
> the network in may not have static IPs. As I understand it I need to maintain 
> a DirAuthority line with a hard coded IP for each and every directory 
> authority I run myself. If I can use a DNS name, this will mean I end up 
> updating the torrc with DirAuthority lines a lot less. With IPs I am forced 
> to change every torrc in my network every time an IP changes.
> 
> There are certainly ways around this (I could have a script populate torrc 
> based upon DNS, for example) but it would make my life easier if I didn't 
> have to.
> 
> Thanks
> 
> 
> On 6 February 2017 at 23:10, teor <teor2...@gmail.com> wrote:
>> 
>> > On 7 Feb 2017, at 03:31, Andrew Smith <m...@andrewmichaelsmith.com> wrote:
>> >
>> > Hi
>> >
>> > I'm experimenting running my own tor network. To achieve this I'm setting 
>> > DirAuthority in torrc.
>> >
>> > But it seems that I cannot use a hostname for my DirAuthority.
>> 
>> Why are you trying to do this?
>> If you share your goal, we might be able to help you with a workaround
>> or alternate strategy.
>> 
>> For example, if you use a hostname in the "Address" field, your
>> authority will look it up, add the IPv4 to its descriptor, and then
>> other authorities, relays, and clients will use that address.
>> (After the network has bootstrapped using the original address.)
>> 
>> > For example:
>> >
>> > DirAuthority da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx
>> >
>> > Results in the error:
>> >
>> > Unrecognized flag 'da1:7000' on DirAuthority line
>> >
>> > If I replace "da1" with an IP address there is no error. Is this expected 
>> > behaviour?
>> 
>> It is the implemented behaviour, and has been since at least 2006
>> (tor-0.1.2.2-alpha). The code responsible is:
>> 
>>   while (smartlist_len(items)) {
>>     char *flag = smartlist_get(items, 0);
>>     if (TOR_ISDIGIT(flag[0]))
>>       break;
>> 
>> Which means that only IPv4 addresses are guaranteed to work here.
>> 
>> > I'm running tor v0.2.8.12. The documentation calls this an "address" (as 
>> > opposed to other parts which refer to an "IP") which made me think a 
>> > hostname would work.
>> 
>> The "Address" torrc option takes a hostname, as do some other options
>> (I think the HiddenServicePort target is another.)
>> 
>> Thanks for the bug report, we'll fix the man page:
>> https://trac.torproject.org/projects/tor/ticket/21405
>> 
>> T
>> 
>> --
>> Tim Wilson-Brown (teor)
>> 
>> teor2345 at gmail dot com
>> PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
>> ricochet:ekmygaiu4rzgsk6n
>> xmpp: teor at torproject dot org
>> ------------------------------------------------------------------------
>> 
>> 
>> 
>> 
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> 
> 
> 
> 
> --
> Andy Smith
> http://andrewmichaelsmith.com | @bingleybeep

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
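
The flag-parsing rule quoted in the thread above, modelled as an added example (it is not Tor's source and not part of the original message): after the nickname, every token is treated as a flag until one begins with a digit. The names `dirauth_find_address` and `is_known_flag` are hypothetical, the known-flag list is limited to the three flags on the example line, and the sample lines are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: only the flags seen on the example line are "known" here.
 * This is a simplified model of the quoted loop, not Tor's parser. */
static int is_known_flag(const char *tok) {
  return !strncmp(tok, "orport=", 7) || !strncmp(tok, "v3ident=", 8) ||
         !strcmp(tok, "no-v2");
}

/* Walk the value of a DirAuthority line. Token 0 is assumed to be the
 * nickname. Returns 1 with the address token in `out`, 0 with the first
 * unrecognized flag in `out`, or -1 (empty `out`) if no address is found. */
int dirauth_find_address(const char *line, char *out, size_t outlen) {
  int index = 0;
  for (const char *p = line; *p; ) {
    p += strspn(p, " \t");
    size_t n = strcspn(p, " \t");
    if (n == 0)
      break;
    if (index++ > 0) {
      snprintf(out, outlen, "%.*s", (int)n, p);
      if (isdigit((unsigned char)p[0]))   /* same test as TOR_ISDIGIT */
        return 1;                         /* flag parsing stops: address */
      if (!is_known_flag(out))
        return 0;                         /* a hostname lands here */
    }
    p += n;
  }
  out[0] = '\0';
  return -1;
}

int main(void) {
  /* Constructed sample lines; 192.0.2.10 is a documentation address. */
  const char *lines[] = {
    "da1 orport=7000 no-v2 v3ident=xxx da1:7000 xxx",
    "da1 orport=7000 no-v2 v3ident=xxx 192.0.2.10:7000 xxx",
  };
  char tok[128];
  for (int i = 0; i < 2; i++) {
    int rc = dirauth_find_address(lines[i], tok, sizeof(tok));
    printf("%-55s => %s '%s'\n", lines[i],
           rc == 1 ? "address" : "unrecognized flag", tok);
  }
  return 0;
}
```

The first line reproduces the reported error path: `da1:7000` does not start with a digit, so it is still being read as a flag when the check fails.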


