And a connection will fail if one of the round robin servers is down if that's the address given on a resolution, vs. SRV entries knowing which servers to try (in order) if any server fails.

________________________________
From: SCOTT FIELDS <Scott.Fields@xxxxxxxxxxx>
Sent: Monday, May 12, 2025 2:43 PM
To: Travis Hayes <travis.hayes@xxxxxxxxx>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev@xxxxxxxxxxx>
Subject: Re: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

The problem with DNS round robin definitions (having an A/AAAA record with multiple addresses) is you don't have load preference rules that are associated with SRV records.

________________________________
From: Travis Hayes <travis.hayes@xxxxxxxxx>
Sent: Monday, May 12, 2025 2:37 PM
To: SCOTT FIELDS <Scott.Fields@xxxxxxxxxxx>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev@xxxxxxxxxxx>
Subject: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

> On May 12, 2025, at 13:29, SCOTT FIELDS via openssh-unix-dev <openssh-unix-dev@xxxxxxxxxxx> wrote:
>
> This was discussed some time ago (SRV lookup support (Bugzilla 2217)), but I'd like to revisit.
>
> I would find value in using a multi-homed SSH/SFTP server solution that's not tied to a specific DNS IP address.
>
> Most solutions I'm aware of use a port forwarding load-balancer solution.
>
> And some newer solutions are using DNS based load balancers.
>
> The advantage of using a SRV record solution is you don't have to invest in a port-forwarding solution or even a DNS load balancer and still be able to leverage having multiple redundant SSH servers.
>
> I don't see any follow-up, and I'm not sure if any reason was put forward why it's a bad idea.
>
> The front end code already exists in other products that already leverage this. 'sendmail' is the most obvious example.
>
> AKA,
>
> You have the following SRV records:
>
> _ssh._tcp.<mydomain.com>
>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver1.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver2.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver3.<mydomain.com>
>
> And the client can determine the SSH servers available in the domain, if present, and use the load balancing rules to decide which to connect to.
>
> Scott Fields
> Kyndryl
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Would your use case be specifically for SRV records, or would A or AAAA records with multiple IPs satisfy it?

I'm not sure how this would be useful to me, but I do see how a cluster of SFTP servers might…
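The selection rules the thread refers to are the ones RFC 2782 specifies for SRV records: clients try targets in ascending priority, choose among equal-priority targets by weighted random selection, and move on to the next target when a connection fails. The following is an added example written for this page, not code from OpenSSH or from any participant in the thread; it parses SRV rdata in presentation format, orders the records as RFC 2782 describes, and walks the ordered list with a caller-supplied connect function so the failover behaviour can be seen. The record set and the `connect` callbacks are constructed for illustration; `mydomain.com` and the `sshserverN` names follow the thread's example and are not real hosts.

```python
"""RFC 2782 SRV ordering and failover (added example, not from the thread).

Sample records and connect functions below are constructed for illustration.
"""
import random
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_rdata(owner: str, rdata: str) -> SrvRecord:
    """Parse the presentation form 'priority weight port target' of one SRV RR.

    A target of '.' is kept verbatim: RFC 2782 uses it to say the service is
    decidedly not offered at this name.
    """
    fields = rdata.split()
    if len(fields) != 4:
        raise ValueError(f"bad SRV rdata for {owner}: {rdata!r}")
    prio, weight, port, target = fields
    if target != ".":
        target = target.rstrip(".")  # drop the trailing root dot of an FQDN
    return SrvRecord(int(prio), int(weight), int(port), target)


def order_srv(records: Iterable[SrvRecord], rng: random.Random) -> List[SrvRecord]:
    """Order records per RFC 2782: by ascending priority, then weighted random
    selection within each priority group (weight 0 entries placed first so that
    they are picked only rarely)."""
    by_prio = {}
    for r in records:
        by_prio.setdefault(r.priority, []).append(r)

    ordered: List[SrvRecord] = []
    for prio in sorted(by_prio):
        group = by_prio[prio]
        group.sort(key=lambda r: r.weight != 0)  # stable sort: weight-0 first
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)  # inclusive; total == 0 selects the first
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def connect_with_failover(
    records: Iterable[SrvRecord],
    connect: Callable[[str, int], bool],
    rng: Optional[random.Random] = None,
) -> Optional[SrvRecord]:
    """Try each SRV target in RFC 2782 order until `connect` succeeds.

    `connect(host, port)` is whatever actually opens the SSH transport; it
    returns True on success. Returns the record that worked, or None.
    """
    records = list(records)
    if any(r.target == "." for r in records):
        return None  # service explicitly not available at this owner name
    rng = rng or random.SystemRandom()
    for rec in order_srv(records, rng):
        if connect(rec.target, rec.port):
            return rec
    return None


# Constructed example: two equally weighted primaries and one lower-priority backup.
SAMPLE_OWNER = "_ssh._tcp.mydomain.com"
SAMPLE_RECORDS = [
    parse_srv_rdata(SAMPLE_OWNER, "10 50 22 sshserver1.mydomain.com."),
    parse_srv_rdata(SAMPLE_OWNER, "10 50 22 sshserver2.mydomain.com."),
    parse_srv_rdata(SAMPLE_OWNER, "20 0 22 sshserver3.mydomain.com."),
]


def demo_failover(down_hosts: Iterable[str], seed: int = 1) -> Optional[str]:
    """Simulate a client where the hosts in `down_hosts` refuse connections."""
    down = set(down_hosts)
    return_value = connect_with_failover(
        SAMPLE_RECORDS,
        connect=lambda host, port: host not in down,
        rng=random.Random(seed),
    )
    return return_value.target if return_value else None


if __name__ == "__main__":
    print(demo_failover(down_hosts=[]))                      # one of the two primaries
    print(demo_failover(down_hosts=["sshserver1.mydomain.com",
                                    "sshserver2.mydomain.com"]))  # the backup
```

One point the thread does not spell out: the SRV answer only tells a client where to connect, it does not authenticate that choice. Without DNSSEC, whoever can answer the client's DNS queries can steer it to any target, so the SSH host key check against the target the client actually connected to (not the service-owner name) is what keeps a redirected connection from becoming a man-in-the-middle, and that check must not be relaxed just because the target was "found via DNS".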