diff --git a/pkg/service/turn.go b/pkg/service/turn.go
index 28a38e905..1cffd7537 100644
--- a/pkg/service/turn.go
+++ b/pkg/service/turn.go
@@ -26,7 +26,7 @@ func NewTurnServer(conf *config.Config, roomStore RoomStore, node routing.LocalN
 return nil, nil
 }
 
- if turnConf.TLSPort == 0 && turnConf.UDPPort == 0 {
+ if turnConf.TLSPort <= 0 && turnConf.UDPPort <= 0 {
 return nil, errors.New("invalid TURN ports")
 }
 
@@ -49,6 +49,10 @@ func NewTurnServer(conf *config.Config, roomStore RoomStore, node routing.LocalN
 return nil, errors.New("TURN domain required")
 }
 
+ if IsValidDomain(turnConf.Domain) == false {
+ return nil, errors.New("TURN domain is not correct")
+ }
+
 cert, err := tls.LoadX509KeyPair(turnConf.CertFile, turnConf.KeyFile)
 if err != nil {
 return nil, errors.Wrap(err, "TURN tls cert required")
@@ -99,4 +103,4 @@ func newTurnAuthHandler(roomStore RoomStore) turn.AuthHandler {
 
 return turn.GenerateAuthKey(username, livekitRealm, rm.TurnPassword), true
 }
-}
+}
\ No newline at end of file
diff --git a/pkg/service/utils.go b/pkg/service/utils.go
index 48272f057..ca17f1e55 100644
--- a/pkg/service/utils.go
+++ b/pkg/service/utils.go
@@ -3,6 +3,7 @@ package service
 import (
 "context"
 "net/http"
+ "regexp"
 
 "github.com/go-redis/redis/v8"
 "github.com/google/wire"
@@ -93,6 +94,11 @@ func boolValue(s string) bool {
 return s == "1" || s == "true"
 }
 
+func IsValidDomain(domain string) bool {
+ domainRegexp := regexp.MustCompile(`^(?i)[a-z0-9-]+(\.[a-z0-9-]+)+\.?$`)
+ return domainRegexp.MatchString(domain)
+}
+
 func permissionFromGrant(claim *auth.VideoGrant) *livekit.ParticipantPermission {
 p := &livekit.ParticipantPermission{
 CanSubscribe: true,
diff --git a/pkg/service/utils_test.go b/pkg/service/utils_test.go
index 08ac2f339..03d10107a 100644
--- a/pkg/service/utils_test.go
+++ b/pkg/service/utils_test.go
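Review bot: In the first pkg/service/turn.go hunk, the port check in NewTurnServer still joins both comparisons with `&&`, so a config with one positive port and one negative or out-of-range port passes validation. Only the case where both ports are non-positive is rejected. Consider checking each field first, e.g. `if turnConf.TLSPort < 0 || turnConf.TLSPort > 65535 || turnConf.UDPPort < 0 || turnConf.UDPPort > 65535 { return nil, errors.New("invalid TURN ports") }`, and keeping the existing test for "at least one port set". How a negative value is handled later depends on code outside this hunk, so the runtime effect cannot be confirmed from here.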
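Review bot: In the second pkg/service/turn.go hunk, `IsValidDomain(turnConf.Domain) == false` reads better as `!IsValidDomain(turnConf.Domain)`. The message "TURN domain is not correct" also gives an operator nothing to act on. If `errors` here is github.com/pkg/errors, as the `errors.Wrap` call below suggests, `errors.Errorf("TURN domain %q is not a valid host name", turnConf.Domain)` would name the rejected value. The enclosing block starts outside the hunk, so it is not visible whether this check runs for UDP-only configurations or only on the TLS path.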
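Review bot: In pkg/service/utils.go, `IsValidDomain` recompiles its pattern on every call and is exported without a doc comment saying what it accepts. Hoist the pattern to package scope as `var domainRegexp = regexp.MustCompile(...)` with the same expression, and add a comment such as `// IsValidDomain reports whether domain is a dotted host name with no scheme, port or path.` As written, the expression also matches dotted IPv4 literals (for example `1.2.3.4`) and labels that begin or end with `-`. It rejects single-label names and places no bound on label or total length. If the value has to be a real DNS name matching the TLS certificate, those cases should be tightened or at least documented.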
@@ -2,6 +2,9 @@ package service_test
 
 import (
 "github.com/go-redis/redis/v8"
+ "github.com/livekit/livekit-server/pkg/service"
+ "github.com/stretchr/testify/require"
+ "testing"
 )
 
 func redisClient() *redis.Client {
@@ -9,3 +12,16 @@ func redisClient() *redis.Client {
 Addr: "localhost:6379",
 })
 }
+
+func TestIsValidDomain(t *testing.T) {
+ list := map[string]bool{
+ "turn.myhost.com": true,
+ "turn.google.com": true,
+ "https://host.com": false,
+ "turn://host.com": false,
+ }
+ for key, result := range list {
+ service.IsValidDomain(key)
+ require.Equal(t, service.IsValidDomain(key), result)
+ }
+}
\ No newline at end of file
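Review bot: In TestIsValidDomain, `require.Equal(t, service.IsValidDomain(key), result)` passes the actual value where testify expects the expected one, and the bare `service.IsValidDomain(key)` call on the line before discards its result. Drop that line and write `require.Equal(t, result, service.IsValidDomain(key), "domain %q", key)` so a failure names the input. The table only rejects strings that carry a URL scheme. Cases for the empty string, a single label, a leading hyphen, a trailing dot and an IP literal would pin down what the validator is meant to accept. In the import hunk above, the stdlib `testing` import is grouped with the third-party packages instead of in its own leading group.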