
9. DNS Discovery of a Server

This section describes an optional procedure that a STUN client can use to discover, using Domain Name System (DNS) procedures [RFC1035], the IP address and port of a STUN server.

A usage must define when the client should use this procedure. For example, a usage might define that the server name could be manually provisioned in the client, or it might define that the client can discover the name through some other means, such as through a configuration protocol.

Once a client has determined the name to be resolved, it performs an A or AAAA record query for that name. This query returns one or more IP addresses. If the STUN usage defines a single well-known port, the client SHOULD use that port. Otherwise, the client performs an SRV query for the name. The SRV query will yield a list of DNS names, along with their priorities, weights, and ports. The client then performs an A or AAAA query on each of the DNS names to convert them to IP addresses.

Once the client has obtained a list of IP addresses and ports, it orders the list according to the procedures described in RFC 3484 [RFC3484]. The client then begins contacting servers using the ordered list of IP addresses and ports, starting with the most preferred address. The client continues down the list until it finds a responsive server or exhausts the list.

When SRV records are used to obtain the server address and port, a client SHOULD NOT use a server whose DNS name does not match the name the client queried. For example, if the client queried for _stun._udp.example.com and the SRV response contained a DNS name of server1.otherdomain.com, the client SHOULD NOT send to that server. This is to prevent an attacker that controls DNS in one domain from redirecting STUN requests to a server in another domain.

A client MAY cache the results of a DNS lookup for the duration specified by the Time to Live (TTL) of the DNS record(s). If the client fails to receive a response from a server obtained through a DNS SRV record within a reasonable time (as defined by the usage), the client SHOULD re-query the DNS. The client SHOULD honor DNS TTL values.

If the STUN usage defines a port for a particular transport, and that transport uses SRV, then the usage MUST define a symbolic name for that SRV service. The symbolic name is the service name prepended with an underscore, followed by a period, the protocol name prepended with an underscore, followed by a period, and then the domain name. For example, if the usage defines a UDP-based transport for STUN on port 3478, and the domain name is example.com, the symbolic name would be _stun._udp.example.com.
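The discovery procedure above (A/AAAA or SRV lookup, the symbolic SRV name, and the rule that SRV targets outside the queried domain are not used) as an added example; this is illustrative code, not from the RFC. The DNS answers are constructed inline so it runs offline, "matches the name the client queried" is read here as the target being the queried domain or one of its subdomains, and within a priority the records are simply ordered by descending weight rather than by RFC 3484 or RFC 2782 selection.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SRVRecord:
    priority: int
    weight: int
    port: int
    target: str  # server's DNS name, may carry a trailing dot

def srv_name(service: str, proto: str, domain: str) -> str:
    """Symbolic SRV name: _<service>._<proto>.<domain>."""
    return f"_{service}._{proto}.{domain}"

def _norm(name: str) -> str:
    return name.rstrip(".").lower()

def in_queried_domain(target: str, domain: str) -> bool:
    """Assumption: the target must be the queried domain or a subdomain of it."""
    t, d = _norm(target), _norm(domain)
    return t == d or t.endswith("." + d)

def discover(domain: str, srv_answers: dict[str, list[SRVRecord]],
             addr_answers: dict[str, list[str]], service: str = "stun",
             proto: str = "udp", well_known_port: Optional[int] = None
             ) -> list[tuple[str, int]]:
    """Return (ip, port) candidates in contact order.
    srv_answers / addr_answers stand in for the resolver (constructed data)."""
    if well_known_port is not None:  # single well-known port: A/AAAA only
        return [(ip, well_known_port) for ip in addr_answers.get(_norm(domain), [])]
    records = srv_answers.get(_norm(srv_name(service, proto, domain)), [])
    # SHOULD NOT use targets outside the queried domain (guards against
    # DNS in one domain redirecting STUN traffic to a server in another)
    kept = [r for r in records if in_queried_domain(r.target, domain)]
    # lower priority first; higher weight first within a priority
    kept.sort(key=lambda r: (r.priority, -r.weight))
    out: list[tuple[str, int]] = []
    for r in kept:  # A/AAAA lookup of each surviving SRV target
        for ip in addr_answers.get(_norm(r.target), []):
            out.append((ip, r.port))
    return out

# Constructed sample answers (not real DNS data)
SRV = {"_stun._udp.example.com": [
    SRVRecord(10, 60, 3478, "stun1.example.com."),
    SRVRecord(10, 40, 3478, "stun2.example.com."),
    SRVRecord(0, 0, 3478, "server1.otherdomain.com."),  # mismatched target
]}
ADDR = {"stun1.example.com": ["192.0.2.10"],
        "stun2.example.com": ["192.0.2.11", "2001:db8::11"],
        "server1.otherdomain.com": ["203.0.113.5"],
        "example.com": ["192.0.2.1"]}
```

Note that the mismatched record carries the best priority, so without the domain check it would be contacted first.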