Domain name scheme
Tor uses two main domain names for things:
There might be other domains managed by us or registered in the DNS,
but they should eventually point to one of those, generally
All TPA-managed machines and services on those machines should be
torproject.org. The naming scheme of the individual machines
is detailed below. This is managed by TPA directly through
External services and machines can be hosted under
torproject.net. In that case, the only association is a
A record pointing to the other machine. To get such a record,
contact TPA using the normal communication channels detailed in
Machine naming scheme
There are multiple naming schemes in use:
- onion species
Wikipedia list of onion species, preferably picking a first letter matching purpose (e.g. "m" for monitoring, "b" for backups, "p" for puppet) and ideally not overlapping with existing machines at debian.org in the first three letters or at least the short hostname part
Example: monticola.torproject.org was picked as a "monitoring" ("mon") server to run the experimental Prometheus server. no machine is named "monticola" at Debian.org and no machine has "mon" or smaller as its first three letters there either.
Another naming scheme is
roleis what the server is for, for example
crm, etc. try to keep it short and abbreviate to at most three letters if role is longer than five.
rolemight have a dash (
-) in it to describe the service better (
IDis a two-character number, padded with zero, starting from one, to distinguish between multiple instances of the same server (e.g.
Another naming scheme used for virtual machines is
hoster: is the hosting provider (example
locN: is the three-letter code of the city where the machine is located, followed by a digit in case there are multiple locations in the same city (e.g.
ID: is an two-character number, padded with zero, starting from one, to distinguish multiple instances at the same location
This is used for virtual machines at Hetzner that are bound to a specific location.
Networks also have names. The network names are used in reverse DNS to designate network, gateway and broadcast addresses, but also in howto/ganeti, where networks are managed automatically for virtual machines.
Future networks should be named
FUNis the function (e.g.
LOCNNis the location (e.g.
IDis a two-character number, padded with zero, starting from one, to distinguish multiple instances at the same function/location pair
The first network was named
Ganeti in the Falkenstein datacenter. That naming convention is considered a legacy exception
and should not be reused. It might be changed in the future.