discoveries & relays ?

Hi,

can someone explain these to me ?

thanks

The error lookup discovery-v4-1.syncthing.net on 192.168.1.2:53: no such host means that your DNS server on 192.168.1.2 cannot look up host discovery-v4-1.syncthing.net. You configured your device (the actual OS, not syncthing) to use 192.168.1.2 as DNS server. If that host doesn’t run a DNS server, you have to change the setting.

Relays are enabled by default so novice users can use syncthing without having to do anything (like port forward in the router or enabling standard compliant UPnP on the router).


Syncthing has two types of discovery: global and local.

Local discovery uses broadcast/multicast packets to notify other syncthing devices in the same LAN of its existence.

Global discovery uses servers, run by the syncthing core team, to make an entry in the “global phone book” for syncthing, so that other devices outside your LAN can request the ip and port for device ABCDE-… to be able to connect to it.

Without discovery, you have to enter the ip or host name and port for each device in the remote device addresses field.

I can already see the face of my boss as he finds out we've been connecting to outside relays, this is surrealistic to have such an option as a default


ok but I clearly don't want anything going out of my local net

how do I set discoveries to local only ?

By disabling global discovery and relays.

I cannot find how to disable discoveries in advanced configuration

is it globalAnnounceEnabled ?

Yes, it is. Why are you even in advanced options? Those options are all standard options which can be set in the normal settings, where they have much more human-friendly names.

Also, you should disable NAT traversal / UPnP.

In settings, not advanced. Global discovery.

pff of course that brings more fun to the task…

jee, I got to go do this on all boxes, there should be some kind of disclaimer, come on

I don’t see why, syncthing is designed to work across networks and if you are touching the internet it is unlikely you will not travel across third party hardware.

why ? I don't care when it’s getting debian packages but here these are production files we’re talking about: applications in web folders, and so on, copyrighted materials, code repositories

I clearly don't want anything related to these to transit the web

Your data is encrypted end-to-end. Relays cannot read your data. There is no security risk.

Almost all users use Syncthing to transfer data over the internet. Syncthing caters to this: global discovery and relays allow this to happen, and are enabled by default. If you have special requirements where you cannot allow any data to pass through the wider internet, that’s fair enough, and Syncthing allows this. But don’t expect that to be the default.

2 Likes

so… encrypted or not, I am in charge of the architecture, I work a lot to make sure things transit the way I have been requested to, this is not a game

not even talking in terms of perfs, what is the point of trying a relay, broadcasting sensible stuffs when all the machines are on the same local private super secured network

now I got to pass in every machine clicking on many options to set them up correctly

  • this will lead to errors/missing ticks
  • am I sure the sync will still work after that since it’s a production system ?

No one ever said it was :smile:. If you’re in charge of the architecture, I would have expected you to carry out due diligence and understand how software works before deploying it to your organisation. Please don’t have a go at us because of this.

Syncthing doesn’t know that all of your devices are accessible within the local network unless you tell it. It needs to talk to a relay so that it can accept connections from other configured devices over the internet.

5 Likes

totally, but as I tried it out I was not aware of this and I repeat, this is an insane “by default” feature

Again, it is not. It would be insane if the default configuration did not work for the majority of users. Not understanding something is not a reason to call it stupid.

1 Like

That is not the norm… Please don’t think I am belittling or ignoring the requirement for some data to stay within very strict parameters but… If it is supposed to be a locked down network you probably should have read the docs and tried the system out with non development files first.

1 Like

I understand what you're saying, but you don't seem to realize the amount of work, doc reading, different packages, softwares, databases, I had to put into place, so yeah I missed that a package that was supposed to synchronize a couple of machines was going to broadcast it to the whole universe before doing so

I don't mean to be rude, but this conversation is done for me

you don't get it, and you blame the user ? fine

For future, if you want to have a balanced, constructive conversation, it’s a good idea not to open with phrases like “this is surrealistic to have such an option as a default” and “jee, I got to go do this on all boxes, there should be some kind of disclaimer, come on”.

I understand that you’re frustrated, but this shouldn’t translate into blaming other people.

2 Likes

FYI, There is a good chance your nodes have not transferred data through the relays. They will maintain connections to the relays so they can be reached through them but will use direct connections to other nodes wherever possible.

2 Likes
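
Added example, not part of any post in this thread: a small audit that reads a Syncthing config.xml and reports whether global discovery, relays and NAT traversal are all disabled, so the LAN-only setup discussed above can be checked on every box instead of eyeballed in the GUI. `globalAnnounceEnabled` is the option named in the thread; `relaysEnabled`, `natEnabled` and `listenAddress` are the matching config.xml elements, and both sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Options named in the thread that let a device reach beyond the LAN.
MUST_BE_FALSE = {
    "globalAnnounceEnabled": "global discovery",
    "relaysEnabled": "relays",
    "natEnabled": "NAT traversal / UPnP",
}

def audit_config(xml_text):
    """Return findings for one config.xml; an empty list means LAN-only."""
    options = ET.fromstring(xml_text).find("options")
    findings = []
    for key, label in MUST_BE_FALSE.items():
        node = options.find(key) if options is not None else None
        # A missing element is treated as enabled (conservative assumption).
        value = (node.text or "").strip().lower() if node is not None else "missing"
        if value != "false":
            findings.append(f"{label} not disabled ({key}={value})")
    # Also flag explicit relay entries among the listen addresses.
    for node in (options.findall("listenAddress") if options is not None else []):
        addr = (node.text or "").strip()
        if addr.startswith(("relay://", "dynamic+")):
            findings.append(f"relay listen address: {addr}")
    return findings

# Constructed sample configs, trimmed to the relevant elements.
DEFAULT_LIKE = """<configuration><options>
  <listenAddress>default</listenAddress>
  <globalAnnounceEnabled>true</globalAnnounceEnabled>
  <localAnnounceEnabled>true</localAnnounceEnabled>
  <relaysEnabled>true</relaysEnabled>
</options></configuration>"""

LAN_ONLY = """<configuration><options>
  <listenAddress>tcp://0.0.0.0:22000</listenAddress>
  <globalAnnounceEnabled>false</globalAnnounceEnabled>
  <localAnnounceEnabled>true</localAnnounceEnabled>
  <relaysEnabled>false</relaysEnabled>
  <natEnabled>false</natEnabled>
</options></configuration>"""

if __name__ == "__main__":
    for name, cfg in (("default-like", DEFAULT_LIKE), ("lan-only", LAN_ONLY)):
        problems = audit_config(cfg)
        print(name, "OK" if not problems else problems)
```

Local discovery (`localAnnounceEnabled`) is deliberately left alone, since the thread's goal is to keep LAN discovery working while nothing leaves the network.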