OPC UA can be configured to support discovery in multiple manners. One of the options is a multi-cast discovery. In this type of Discovery, Serversannounce themselves on a subnet when they start. Application machines or an actual application can listen and build a list of the available servers.

Multicast DNS operations are insecure because of their very nature; they allow rogue servers to broadcast their presence or impersonate another host or server. Risks from Rogue Serverscan be minimized if OPC UA security is enabled and all applications use certificate TrustListsto control access. Also, Clientsshould cache connection information, minimizing the lookup of Serverinformation. However, even if you use UA security, multicast DNS should be disabled in environments where an attacker can easily access the network.

Applications (or discovery servers) are built to ensure that they cannot be overloaded or brought down by high broadcast rates on the multi-cast discovery channel or by too large a list of server applications.