stun.syncthing.net doesn't resolve anymore

marbens · March 30, 2025, 4:31am

Syncthing’s STUN server used to have the domain of stun.syncthing.net, but that doesn’t resolve to anything anymore.

calmh · March 30, 2025, 7:42am

I shut it down because keeping it running wasn’t feasible under the circumstances.

bt90 · March 30, 2025, 7:48am

calmh · March 30, 2025, 8:46am

To add to what happened after; traffic kept growing and blocking didn’t help much since it’s UDP and clients keep trying. I think we were up to 200 Mbps of incoming UDP when I dropped the A record. So whatever we end up doing in the future, stun.syncthing.net is probably permanently burned as a name.

bt90 · March 30, 2025, 9:42am

A public STUN server with a fixed domain will always end up on lists like this. The only viable defense is to switch to a different domain from time to time.

calmh · March 30, 2025, 12:20pm

Yeah… And I’m the first to recognise the irony/hypocrisy of on the one hand decrying non-Syncthing clients using our STUN server and on the other hand now just relying on other people’s public STUN servers…

A hardcoded auth credential might help a bit, at least as a clear official discouragement.

bt90 · March 30, 2025, 2:21pm

STUN with authentication requires a bit of effort. This should be enough to discourage the laziest of abusers.

bt90 · March 31, 2025, 9:15pm

Showerthought: resolving the actual STUN server address via a DNS SRV record might also be an alternative. It’s three lines of code in go, but renders the server pretty much unusable for any browser WebRTC stuff

bt90 · June 24, 2025, 6:34am

@calmh any plans to revive the STUN server in the near future?

calmh · June 24, 2025, 7:27am

I have a bit too much on plate already for work and personal reasons and this doesn’t feel like a priority. I can spin up a VM and point a couple of IP addresses to it if you want to do the needful and take it from there, though.

bt90 · June 24, 2025, 1:58pm

Feel free to postpone