[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] FamilyGenerator: Tor MyFamily Generator



>> - you run your own AS and all servers in that AS are under your control (parameter: as)
>> https://metrics.torproject.org/onionoo.html#parameters_as
> 
> This effectively puts MaxMind in charge of MyFamily.

good point and I guess there is only a handful of operators with their 
own AS anyway

>> - all your relays are under your own DNS domain and only you can generate DNS A records for that domain
>> and [1] is implemented
>> (note: these onionoo fields appear currently somewhat broken)
> 
> There is no attempt currently to perform any DNSSEC or other validation.

I was about to make a ticket for that when I wrote the last mail, 
since using a DNSSEC validating resolver should not be a whole lot of effort.

https://trac.torproject.org/projects/tor/ticket/26901

> Onionoo is useful for many things, but I don't think this is one of
> them. Instead, you can use Ansible/Salt/Puppet/whatever to configure
> MyFamily and there are plenty of ways out there to do this.

+1

nonetheless I find it positive that Neel now finally has a (proper?) MyFamily
config probably because of this non-perfect way of collecting FPs.

I still hope no one is using onionoo query results to alter their config *automatically*

-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays