[tor-bugs] #31718 [Internal Services/Tor Sysadmin Team]: Update DNS records for .ooni.torproject.org domains

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 16 15:01:14 UTC 2019


#31718: Update DNS records for .ooni.torproject.org domains
-------------------------------------------------+---------------------
 Reporter:  hellais                              |          Owner:  tpa
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by anarcat):

 i don't exactly know what the policy is regarding CNAMEs, to be honest. :)
 the best source I know of is this:

 https://help.torproject.org/tsa/doc/naming-scheme/

 ... which outlines the distinction between TPO (torproject.org) and TPN
 (torproject.net) that weasel was refering to. The problem might not be
 CNAMEs per se, but pointing to outside stuff.

 Another thing is that CNAMEs are not a great way to move stuff around,
 because they are transparent to clients. An web browser or crawler will
 not treat a CNAME as "this is now hosted over there", it's just an alias.
 For those kind of transitions, you want to do a HTTP redirect, that is
 respond with a 301 (Moved Permanently) or 302 (Found) status code:

 https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#3xx_Redirection

 Then we can deprecate the *.ooni.tpo namespace and eventually transition
 to ooni.io cleanly.

 This is why I was asking about non-HTTP (and non-HTTPS) clients: those
 redirections will work only for HTTP clients. If you have people using
 this over SSH or Git or whatever non-HTTP protocol, those would break of
 course.

 (Sorry if you already know all of this about HTTP status codes vs CNAMEs,
 but I thought it was useful to get back to the specs to clarify my
 thoughts.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31718#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list