[tor-dev] Not enabling IPv6 on check.torproject.org?
isis agora lovecruft
isis at torproject.org
Thu Aug 18 11:13:08 UTC 2016
Frederic Jacobs transcribed 3.9K bytes:
> Hello Tor-Dev,
>
> When opening Tor browser today, I opened check.torproject.org
> <http://check.torproject.org/> and got a really confusing message
> <https://www.fredericjacobs.com/blog/img/tor/ipv6TorCheck.png>.
>
> My assumption is that the circuit had an exit node that had (possibly
> multiple) IPv6-enabled, in addition to it’s IPv4. When the exit node
> connected to the exit node, it did so over IPv6 since check.torproject.org
> <http://check.torproject.org/> has IPv6 addresses.
>
> ~ ❯❯❯ host check.torproject.org
> check.torproject.org is an alias for chiwui.torproject.org.
> chiwui.torproject.org has address 138.201.14.212
> chiwui.torproject.org has IPv6 address 2a01:4f8:172:1b46::abba:20:1
>
> That’s a scary warning to get in Tor browser. Any reason
> chiwui.torproject.org <http://chiwui.torproject.org/> has an IPv6 address?
> Can it be disabled to avoid having people (unnecessarily) freaking out over
> this warning?
>
> Thoughts?
>
> Best,
>
> Frederic
Hello Frederic,
That's indeed a scary warning. Removing the AAAA record for check.tpo is
probably the sanest short-term solution.
Long term solutions include:
- Patching TorDNSEL [0] to add support for IPv6 addresses. This probably
requires somewhat of a complete overhaul of TorDNSEL, because:
1) most of us don't speak Haskell
2) it's ancient Haskell
3) the DNSBL was designed to handle queries like
1.0.0.10.80.4.3.2.1.ip-port.exitlist.example.com.
- Patching Check [1] to use server descriptors (rather than networkstatus
documents) and to additionally (in the Stem script) pull IPv6 addresses
from stem.descriptor.server_descriptor.RelayDescriptor.or_addresses.
Both of those codebases need someone to love them, and contributions from
volunteers feeling so inspired are highly welcome. A ticket for this is
#19843, [2] although another ticket could be made since that one seems to be
reporting multiple issues (and some of which are not bugs).
Thanks for pointing this out!
[0]: https://gitweb.torproject.org/tordnsel.git/
[1]: https://gitweb.torproject.org/check.git/
[2]: https://trac.torproject.org/projects/tor/ticket/19843
Best regards,
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160818/af4ff0df/attachment.sig>
More information about the tor-dev
mailing list