"Unable to resolve primary STUN servers via DNS" notice spam on Android

tomasz86 · April 14, 2025, 5:41pm

I’m getting these messages on Android. This is with Syncthing v2 beta9, however many STUN-related commits have been added to main recently, so I assume this is going to affect Syncthing v1 also.

Is there anything that can be done either to fix or to suppress these messages? They seem to be sent every 5 minutes or so, flooding the GUI.

Just to be clear, I’m seeing them only on Android. On the desktop, there seem to be no such issues.

bt90 · April 14, 2025, 8:39pm

github.com/syncthing/syncthing

Resolve primary STUN server(s) via DNS SRV

opened 06:58AM - 03 Apr 25 UTC

closed 12:23PM - 08 Apr 25 UTC

bt90

enhancement

### Feature description I'd suggest that we resolve our own STUN servers via DN…S SRV. This will allow us to change the domain name and IP address of our own STUN server without having to patch Syncthing. This should be enough to fend off most non-Syncthing users. If there's a consensus that this is a viable approach, I'd start working on a PR. ### Problem or use case As previously discussed on the forum, we may still want to host our own STUN server. The problem with such a service is that it tends to be abused by others, which ultimately led to the current server being shut down. Any hardcoded address in the codebase is likely to suffer the same fate sooner or later. see https://forum.syncthing.net/t/stun-syncthing-net-doesnt-resolve-anymore/24075/8 ### Alternatives or workarounds Static secrets for the STUN server, but this could suffer the same fate. Anything that can simply be hardcoded into a WebRTC page will eventually be abused. DNS SRV requires backend logic, which should deter more offenders.

Let’s say we’re making sure the fallback mechanism works

bt90 · April 14, 2025, 9:32pm

Scratch that. I think this one is caused by the test record that still points to a special use IP address. Maybe Android is smart enough to block the resolution in this case.

calmh · April 14, 2025, 9:44pm

We should kill that warning regardless

bt90 · April 15, 2025, 5:40am

Killing the warning is one thing. But I fear that we’re running into DNS problems on Android from the looks of it:

@tomasz86 could you try building the app binary without the netgo build tag?

calmh · April 15, 2025, 8:38am

I saw the same on my Mac the other day but forgot to investigate.

bt90 · May 14, 2025, 3:27pm

Although the log spam issue has been resolved, the SRV lookup is still broken on Android. It might be overkill, but could we use a blessed external DNS on Android? Otherwise, the fallback works well enough, and we’re only talking about a fraction of our user base.