tunneldirconns 0 makes hidden services publish descriptors over http -- and they're refused
Run your Tor with "tunneldirconns 0 prefertunneleddirconns 0" and also a hidden service configured. It will complain with lines like
Feb 09 01:29:41.685 [warn] http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '88.198.180.24:9030'. Malformed rendezvous descriptor?
Feb 09 01:29:41.780 [warn] http status 400 ("Bad Request") response from dirserver '77.247.181.163:80'. Malformed rendezvous descriptor?
Feb 09 01:29:42.778 [warn] http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '144.76.34.179:9030'. Malformed rendezvous descriptor?
Feb 09 01:29:42.807 [warn] http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '173.213.113.155:80'. Malformed rendezvous descriptor?
Feb 09 01:29:44.595 [warn] http status 400 ("Nonauthoritative directory does not accept posted server descriptors") response from dirserver '97.107.142.28:9030'. Malformed rendezvous descriptor?
That's because tunneldirconns 0 instructs Tor to
Feb 09 01:29:41.249 [info] directory_post_to_hs_dir(): Launching upload for v2 descriptor for service 'g7dufxzidsmpomay' with descriptor ID '[...]' with validity of 44457 seconds to hidden service directory 'Firebird' on 173.213.113.155:443.
Feb 09 01:29:41.249 [debug] directory_initiate_command_rend(): anonymized 1, use_begindir 0.
and the use_begindir 0 means that this code never triggers on the server side:
if (options->HidServDirectoryV2 &&
connection_dir_is_encrypted(conn) &&
!strcmpstart(url,"/tor/rendezvous2/publish")) {
meaning it falls through to
if (!authdir_mode(options)) {
/* we just provide cached directories; we don't want to
* receive anything. */
write_http_status_line(conn, 400, "Nonauthoritative directory does not "
"accept posted server descriptors");
which doesn't really tell the user went wrong.