(apt.) syncthing.dev domain

After the release of 2.0.8 on September 08, on the 10th I was manually performing the update on two of my servers (one Ubuntu, one Debian, both using the stable-v2 apt repo setup as instructed on https://apt.syncthing.net/). On both machines, package download wasn’t starting due to TLS hanging on apt.syncthing.dev.

On the spot I didn’t recognize the unfamiliar TLD. I confirmed with curl / nmap that port 443 of that .dev address wasn’t usable on any of my machines, and trying to dig it gave me 0.0.0.0, so I went looking in my DNS server and, lo and behold, it was blocked by my “newly registered domains” DNS blocklist.

My 11PM tired brain (in retrospect, terrible idea to perform maintenance like that) just assumed some domain registration mishap on Syncthing's side that reset the domain age count. So I add apt.syncthing.dev to whitelist, apt upgrade starts working immediately, and my servers are happy.

Doing some internal documentation cleanup the other day made me realize that both the release key and apt source are documented to be on .net, and in no part of the documentation was .dev mentioned. Also, thinking more clearly, updates from 2.0.0 to 2.0.7 did run fine up to that point. Just to test, I moved apt.syncthing.dev from whitelist to manual blacklist, tried upgrading to 2.0.9, and yes, the download is hanging again:

Ign:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
Ign:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
Ign:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
Err:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
  Could not connect to apt.syncthing.dev:443 (0.0.0.0). - connect (111: Connection refused) Could not connect to apt.syncthing.dev:443 (::). - connect (111: Connection refused)
E: Failed to fetch https://apt.syncthing.dev/pool/syncthing_2.0.9_amd64.deb  Could not connect to apt.syncthing.dev:443 (0.0.0.0). - connect (111: Connection refused) Could not connect to apt.syncthing.dev:443 (::). - connect (111: Connection refused)

So, the main question: is syncthing.dev a trustable domain in the hands of the Syncthing developers?

.net seems registered on DigitalOcean, .dev seems to be on Cloudflare DNS, but at the current time neither dig nor whois gives me anything about the latter. Same with a string search on search engines and GitHub, no mention, hence the slight worry of something nasty. Hope the domain situation can be clarified.

Yes, it’s trustable. I needed a new domain for CDN purposes, and that one was available. It is new as of last week and currently only used for blob storage, e.g. things like Debian packages.

3 Likes
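The situation in this thread, packages being fetched from a host that the configured source never names, can be spotted mechanically. The following is an added example, not part of the original posts or of Syncthing's tooling: it compares the hosts in an apt source entry with the hosts appearing in apt's output. The source line (including the keyring path) and the `Hit` line are constructed samples; the remaining output lines are abridged from the post above.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a one-line apt source entry; the keyring path is an assumption.
SOURCES = """\
# /etc/apt/sources.list.d/syncthing.list
deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable-v2
"""

# apt output: the Hit line is constructed, the rest is abridged from the post above.
APT_OUTPUT = """\
Hit:1 https://apt.syncthing.net syncthing InRelease
Ign:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
Err:1 https://apt.syncthing.dev syncthing/stable-v2 amd64 syncthing amd64 2.0.9
E: Failed to fetch https://apt.syncthing.dev/pool/syncthing_2.0.9_amd64.deb  Could not connect to apt.syncthing.dev:443 (0.0.0.0).
"""

SOURCE_RE = re.compile(r"^\s*deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?(\S+)")
FETCH_RE = re.compile(r"^(Get|Hit|Ign|Err):\d+\s+(\S+)|^E: (Failed to fetch)\s+(\S+)")

def host_of(uri):
    """Lower-cased host of an http(s) URI, or None for file:, cdrom: and similar."""
    parsed = urlparse(uri)
    return parsed.hostname if parsed.scheme in ("http", "https") else None

def declared_hosts(sources_text):
    """Hosts named by deb / deb-src lines; comment lines do not match."""
    hosts = set()
    for line in sources_text.splitlines():
        m = SOURCE_RE.match(line)
        if m and host_of(m.group(1)):
            hosts.add(host_of(m.group(1)))
    return hosts

def fetch_hosts(apt_output):
    """Map each host apt contacted to the set of statuses seen for it."""
    seen = {}
    for line in apt_output.splitlines():
        m = FETCH_RE.match(line)
        if not m:
            continue
        status, uri = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
        if host_of(uri):
            seen.setdefault(host_of(uri), set()).add(status)
    return seen

def undeclared_hosts(sources_text, apt_output):
    """Hosts apt fetched from that no configured source line names."""
    return sorted(set(fetch_hosts(apt_output)) - declared_hosts(sources_text))
```

apt checks each downloaded .deb against the hash listed in the repository's signed index, so a host flagged here is a prompt to confirm with the project who controls the domain, as the poster did, before allowing it through a blocklist.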
