Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • TPA team TPA team
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 174
    • Issues 174
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • TPA
  • TPA teamTPA team
  • Issues
  • #32128
Closed
Open
Issue created Oct 17, 2019 by David Fifield@dcf

Point DNS for snowflake-broker.torproject.net at the new broker set up in #29258

Please point the DNS name snowflake-broker.torproject.net at the two IP addresses:

37.218.245.111
2a00:c6c0:0:154:4:d8aa:b4e6:c89f

There is a PGP-signed statement of those addresses at https://lists.torproject.org/pipermail/anti-censorship-team/2019-October/000040.html.

In comment:11:ticket:29258, we set up a new Snowflake broker that has an IPv6 address. At today's anti-censorship meeting we decided to test it by first pointing the (currently unused) snowflake-broker.torproject.net DNS at it.

17:07:37 <dcf1> I've set up a new broker and documented the installation instructions.
17:07:54 <dcf1> https://trac.torproject.org/projects/tor/ticket/29258#comment:11
17:08:20 <dcf1> Figners crossed, I think all that's needed to start using it is to update some DNS records.
17:08:36 <dcf1> But perhpas we should do a smaller-scale test first.
17:09:41 <dcf1> One option is we give the new broker a hostname different than the snowflake-broker ones already in use; that way we can test it ourselves.
17:09:59 <cohosh> we have 3 different broker domains already
17:10:02 <dcf1> Another option is to only set up AAAA records now, so that IPv4 traffic goes to the old broker and IPv6 traffic goes to the new.
17:10:05 <cohosh> bamsoftware, freehaven, and tp.net
17:10:25 <dcf1> Yeah and freehaven is a CNAME to bamsoftware, so really we only need to update bamsoftware and torproject.
17:10:39 <cohosh> we could switch tp.net first and test with that
17:10:54 <cohosh> since freehaven/bamsoftware is the deployed one
17:11:04 <cohosh> we haven't deployed tp.net in the client or proxies yet
17:11:24 <dcf1> Yeah I guess you're right.
17:11:24 <cohosh> due to concerns that some places (like the UK) are good places for proxies but may block tor project domains
17:11:54 <dcf1> And I guess that snowflake-broker.azureedge.net still points to the bamsoftware one, though I would have to check to be sure.
17:12:19 <dcf1> Okay, that's a good idea cohosh. We need to ask someone to update the torproject.net names to the IP addresses mentioned in the ticket.
17:13:14 <dcf1> Then we ourselves can test using the client with `-url https://snowflake-broker.torproject.net/' and proxy-go with `-broker https://snowflake-broker.torproject.net/`

anarcat originally set up the snowflake-broker.torproject.net domain at comment:13:ticket:31232.

Assignee
Assign to
Time tracking