mDNS stands for Multicast DNS.
In the WebRTC context, mDNS is used as a privacy mechanism to hide local IP addresses from JavaScript. Instead of exposing the actual local IP address in ICE candidates, the browser generates a random mDNS hostname (e.g., a1b2c3d4.local).
Why mDNS was introduced
Before mDNS obfuscation, any website running WebRTC JavaScript could discover a user’s local IP address(es) through ICE candidate gathering. This created privacy concerns:
- VPN users’ real local IPs could be exposed
- Network topology information was leaked
- Users could be fingerprinted across sessions
How mDNS candidates work in WebRTC
- The browser gathers a local host candidate with its real IP address
- Instead of exposing this to JavaScript, it generates a random
.localmDNS hostname - The mDNS hostname is shared in the SDP ICE candidates
- The remote peer resolves the mDNS hostname on the local network to perform connectivity checks
- Only peers on the same local network can resolve the hostname
Impact on WebRTC applications
mDNS candidates work transparently for most WebRTC use cases. However, they can cause issues in:
- Server-side ICE processing (media servers cannot resolve mDNS)
- Debugging (real IPs not visible in webrtc-internals)
- Peer-to-peer on the same LAN (works, as the hostname is resolvable)
TURN relay candidates and server-reflexive candidates are not affected by mDNS, as they already use public IP addresses.
