Skip to content

Resolve primary STUN server(s) via DNS SRV #10029

New issue
New issue
Closed
#10031
Closed
Resolve primary STUN server(s) via DNS SRV#10029
#10031
Labels
enhancementNew features or improvements of some kind, as opposed to a problem (bug)
Milestone
v1.29.6
@bt90

Description

@bt90
bt90
opened on Apr 3, 2025

Feature description

I'd suggest that we resolve our own STUN servers via DNS SRV. This will allow us to change the domain name and IP address of our own STUN server without having to patch Syncthing.

This should be enough to fend off most non-Syncthing users.

If there's a consensus that this is a viable approach, I'd start working on a PR.

Problem or use case

As previously discussed on the forum, we may still want to host our own STUN server. The problem with such a service is that it tends to be abused by others, which ultimately led to the current server being shut down. Any hardcoded address in the codebase is likely to suffer the same fate sooner or later.

see https://forum.syncthing.net/t/stun-syncthing-net-doesnt-resolve-anymore/24075/8

Alternatives or workarounds

Static secrets for the STUN server, but this could suffer the same fate. Anything that can simply be hardcoded into a WebRTC page will eventually be abused. DNS SRV requires backend logic, which should deter more offenders.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew features or improvements of some kind, as opposed to a problem (bug)

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions