Prop 312: 3.2.1. Make the Address torrc Option Resolve IPv6 Hostnames
This ticket depends on Address IPv6
support in legacy/trac#33233 (moved).
Make relays and bridges use the Address torrc option to find their IPv6 addresses.
This ticket covers the IPv6 hostname / DNS case:
- Hostnames / DNS names:
- allow the option to be specified up to two times,
- look up the configured name,
- use the first IPv4 and IPv6 address returned by the resolver, and Resolving multiple addresses in the same address family is not a runtime error, but only the first address from each family will be used.
These lookups should ignore private addresses on public tor networks. If multiple IPv4 or IPv6 addresses are returned, the first public address from each family should be used.
Tor should warn if a configured Address hostname does not resolve to any publicly routable IPv4 or IPv6 addresses. (If tor is configured with a custom set of directory authorities, private addresses should be allowed, with a notice-level log.) For security reasons, directory authorities only use addresses that are explicitly configured in their torrc. Therefore, we propose that directory authorities only accept IPv4 or IPv6 address literals in their Address option. They must not attempt to resolve their Address using DNS. It is a config error to provide a hostname as a directory authority's Address.
See proposal 312, section 3.2.1, case 2: https://gitweb.torproject.org/torspec.git/tree/proposals/312-relay-auto-ipv6-addr.txt#n258