I disabled all the useRelays settings since my infrastructure is a private network and I don't understand why such a feature could be enabled by default since it could pass sensitive information to who knows where through the web.
I really don't understand what discoveries are for… I read the doc, but it stays vague, I also found a few errors.
The error “lookup discovery-v4-1.syncthing.net on 192.168.1.2:53: no such host” means that your DNS server on 192.168.1.2 cannot look up the host discovery-v4-1.syncthing.net.
You configured your device (the actual OS, not syncthing) to use 192.168.1.2 as DNS server. If that host doesn’t run a DNS server, you have to change the setting.
Relays are enabled by default so novice users can use syncthing without having to do anything (like port forwarding in the router or enabling standards-compliant UPnP on the router).
Syncthing has two types of discovery: global and local.
Local discovery uses broadcast/multicast packets to notify other syncthing devices in the same LAN of its existence.
Global discovery uses servers, run by the syncthing core team, to make an entry in the “global phone book” for syncthing, so that other devices outside your LAN can request the IP and port for device ABCDE-… to be able to connect to it.
Without discovery, you have to enter the IP or host name and port for each device in the remote device addresses field.
Your data is encrypted end-to-end. Relays cannot read your data. There is no security risk.
Almost all users use Syncthing to transfer data over the internet. Syncthing caters to this: global discovery and relays allow this to happen, and are enabled by default. If you have special requirements where you cannot allow any data to pass through the wider internet, that’s fair enough, and Syncthing allows this. But don’t expect that to be the default.
No one ever said it was. If you’re in charge of the architecture, I would have expected you to carry out due diligence and understand how software works before deploying it to your organisation. Please don’t have a go at us because of this.
Syncthing doesn’t know that all of your devices are accessible within the local network unless you tell it. It needs to talk to a relay so that it can accept connections from other configured devices over the internet.
That is not the norm…
Please don’t think I am belittling or ignoring the requirement for some data to stay within very strict parameters but…
If it is supposed to be a locked down network you probably should have read the docs and tried the system out with non-development files first.
I understand what you're saying, but you don't seem to realize the amount of work, doc reading, different packages, software, databases, I had to put into place, so yeah, I missed that a package that was supposed to synchronize a couple of machines was going to broadcast it to the whole universe before doing so.
I don't mean to be rude, but this conversation is done for me.
In future, if you want to have a balanced, constructive conversation, it’s a good idea not to open with phrases like “this is surrealistic to have such an option as a default” and “jee, I got to go do this on all boxes, there should be some kind of disclaimer, come on”.
I understand that you’re frustrated, but this shouldn’t translate into blaming other people.
FYI, there is a good chance your nodes have not transferred data through the relays. They will maintain connections to the relays so they can be reached through them but will use direct connections to other nodes wherever possible.
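
For a LAN-only deployment like the one discussed in this thread, each node's config.xml can be checked to confirm that global discovery, relaying and NAT traversal are off and that every remote device has a static address. This is an added example, not code from any poster or from the Syncthing project; the sample XML, device IDs and names are constructed, and the `audit` function is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Syncthing config.xml (device IDs are placeholders).
SAMPLE = """<configuration>
  <device id="DEVICE-ID-A" name="box-a"><address>tcp://192.168.1.10:22000</address></device>
  <device id="DEVICE-ID-B" name="box-b"><address>dynamic</address></device>
  <options>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>false</relaysEnabled>
    <natEnabled>true</natEnabled>
  </options>
</configuration>"""

# Options that make a node talk to, or become reachable from, hosts outside the LAN:
# global discovery servers, relay servers, and router port mapping (UPnP/NAT-PMP).
# localAnnounceEnabled is left out on purpose: it only uses LAN broadcast/multicast.
INTERNET_FACING = ("globalAnnounceEnabled", "relaysEnabled", "natEnabled")


def audit(config_xml):
    """Return a list of findings for a config that should stay inside the LAN."""
    root = ET.fromstring(config_xml)
    findings = []
    opts = root.find("options")
    for name in INTERNET_FACING:
        value = opts.findtext(name) if opts is not None else None
        # A missing element is treated as enabled, since these default to on.
        if value is None or value.strip().lower() != "false":
            findings.append(f"option {name} is enabled or unset")
    # Top-level <device> elements are the configured remote devices.
    for dev in root.findall("device"):
        addrs = [a.text.strip() for a in dev.findall("address") if a.text]
        # "dynamic" means the address is resolved through discovery.
        if not addrs or "dynamic" in addrs:
            findings.append(f"device {dev.get('name')} has no static address")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the node has no internet-facing discovery or relay settings enabled and relies only on the addresses entered for each remote device.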