From a4d119907e3519c4a0e1c402746cbeca656cdae1 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Tue, 18 Aug 2020 22:35:44 -0400
Subject: [PATCH 1/2] fix #1228

---
 default.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/default.yaml b/default.yaml
index 8125e9a6..0a042682 100644
--- a/default.yaml
+++ b/default.yaml
@@ -141,10 +141,11 @@ server:
 # they cannot be relayed to websocket clients).
 enforce-utf8: true

- # whether to look up user hostnames with reverse DNS.
- # (disabling this will expose user IPs instead of hostnames;
- # to make IP/hostname information private, see the ip-cloaking section)
- lookup-hostnames: true
+ # whether to look up user hostnames with reverse DNS. there are 3 possibilities:
+ # 1. lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames
+ # 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs
+ # 3. IP cloaking enabled; users will see cloaked hostnames (see the ip-cloaking section)
+ lookup-hostnames: false
 # whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
 # any hostname returned from reverse DNS, resolve it back to an IP address and reject it
 # unless it matches the connecting IP
@@ -258,6 +259,7 @@ server:
 # DNS, users see fake domain names like pwbs2ui4377257x8.oragono. These names are
 # generated deterministically from the underlying IP address, but if the underlying
 # IP is not already known, it is infeasible to recover it from the cloaked name.
+ # If you disable this, you should probably enable lookup-hostnames in its place.
 ip-cloaking:
 # whether to enable IP cloaking
 enabled: true
From 9d17ed41b5943704488fc167ce764d96c23780df Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Wed, 19 Aug 2020 15:32:32 -0400
Subject: [PATCH 2/2] clarify which option is the default

---
 default.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
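Review bot: The new three-case comment above `lookup-hostnames` never says what the key does in case 3, so an operator cannot tell whether setting it to `true` with IP cloaking on still triggers a reverse-DNS query for every connecting client. That is worth stating because each lookup hands the client's address to the configured resolver and adds connection latency. I would add a line such as `# with IP cloaking enabled, users see cloaked hostnames whether or not this is set`, followed by a sentence on whether the lookup is still performed in that case. The `forward-confirm-hostnames` comment in the trailing context also only applies when lookups are on, which is no longer the default; its key lies outside the hunk.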
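Review bot: The sentence added above `ip-cloaking:`, "If you disable this, you should probably enable lookup-hostnames in its place", can be read as presenting reverse-DNS hostnames as a privacy substitute for cloaking. By the case list in the first hunk, users would then see each other's real hostnames, and reverse-DNS names commonly embed the address or identify the ISP and region. I would word it as `# If you disable this, users will see each other's real hostnames (lookup-hostnames enabled) or numeric IPs (disabled); neither hides where a user connects from.` The `ip-cloaking` block continues outside the hunk.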
diff --git a/default.yaml b/default.yaml
index 0a042682..332c670c 100644
--- a/default.yaml
+++ b/default.yaml
@@ -144,7 +144,7 @@ server:
 # whether to look up user hostnames with reverse DNS. there are 3 possibilities:
 # 1. lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames
 # 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs
- # 3. IP cloaking enabled; users will see cloaked hostnames (see the ip-cloaking section)
+ # 3. [the default] IP cloaking enabled; users will see cloaked hostnames
 lookup-hostnames: false
 # whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
 # any hostname returned from reverse DNS, resolve it back to an IP address and reject it
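Review bot: The rewritten case 3 line drops the "(see the ip-cloaking section)" pointer just as it gains a "[the default]" label that depends on a key in that other section (`enabled: true` under `ip-cloaking`). If that default is changed later, nothing on this line tells the editor to update the label, and an operator reading here has no cue where cloaking is configured. Keeping the pointer costs little: `# 3. [the default] IP cloaking enabled; users will see cloaked hostnames (see the ip-cloaking section)`.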