SCOTT FIELDS
2025-May-14 18:49 UTC
OpenSSH (ssh or sftp) client support of DNS SRV records
And a connection will fail if one of the round robin servers is down if that's the address given on a resolution, vs SRV entries knowing which servers to try (in order) if any server fails.

________________________________
From: SCOTT FIELDS <Scott.Fields at kyndryl.com>
Sent: Monday, May 12, 2025 2:43 PM
To: Travis Hayes <travis.hayes at gmail.com>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev at mindrot.org>
Subject: Re: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

The problem with DNS round robin definitions (having an A/AAAA record with multiple addresses) is you don't have load preference rules that are associated with SRV records.

________________________________
From: Travis Hayes <travis.hayes at gmail.com>
Sent: Monday, May 12, 2025 2:37 PM
To: SCOTT FIELDS <Scott.Fields at kyndryl.com>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev at mindrot.org>
Subject: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

> On May 12, 2025, at 13:29, SCOTT FIELDS via openssh-unix-dev <openssh-unix-dev at mindrot.org> wrote:
>
> This was discussed some time ago (SRV lookup support (Bugzilla 2217)), but I'd like to revisit.
>
> I would find value in using a multi-homed SSH/SFTP homed server solution that's not tied to a specific DNS IP address.
>
> Most solutions I'm aware of use a port forwarding load-balancer solution.
>
> And some newer solutions are using DNS based load balancers.
>
> The advantage of using a SRV record solution is you don't have to invest in a port-forwarding solution or even a DNS load balancer and still be able to leverage having multiple redundant SSH servers.
>
> I don't see any follow-up, and not sure if any reason was put forward why it's a bad idea.
>
> The front end code already exists in other products that already leverage this. 'sendmail' is the most obvious example.
>
> AKA,
>
> You have the following SRV records:
>
> _ssh._tcp.<mydomain.com>
>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver1.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver2.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver3.<mydomain.com>
>
> And the client can determine the SSH servers available in the domain, if present, and use the load balancing rules to decide which to connect to.
>
> Scott Fields
> Kyndryl
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Would your use case be specifically for SRV records, or would A or AAAA records with multiple IPs satisfy it? I'm not sure how this would be useful to me, but I do see how a cluster of SFTP servers might…
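The "load balancing rules" the thread refers to are the RFC 2782 priority/weight rules. The following is an added example, not code from the thread or from OpenSSH, of what a client would do with an `_ssh._tcp` SRV answer: sort by priority, draw within a priority level by weight, and then walk that order until a server accepts the connection. The records are constructed sample data (the domain placeholder `mydomain.example` stands in for the thread's `<mydomain.com>`), and `try_connect` is a stand-in for the real TCP connect and SSH handshake.

```python
# Added example (not from the thread or from OpenSSH): how a client would
# turn an _ssh._tcp SRV answer into an ordered list of servers to try, per
# the RFC 2782 priority/weight rules, and fail over down the list.
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int  # lower value = preferred; higher levels are only backups
    weight: int    # relative share of traffic among records of one priority
    port: int
    target: str    # hostname of the SSH server


# Constructed sample answers. SAMPLE_PAGE mirrors the thread's example
# (three records "0 110 123"; mydomain.example is a placeholder domain);
# SAMPLE_TIERED adds a 70/30 split and a lower-preference backup.
SAMPLE_PAGE = [
    SrvRecord(0, 110, 123, "sshserver1.mydomain.example"),
    SrvRecord(0, 110, 123, "sshserver2.mydomain.example"),
    SrvRecord(0, 110, 123, "sshserver3.mydomain.example"),
]
SAMPLE_TIERED = [
    SrvRecord(10, 70, 22, "sshserver1.mydomain.example"),
    SrvRecord(10, 30, 22, "sshserver2.mydomain.example"),
    SrvRecord(20, 0, 2222, "backup.mydomain.example"),
]


def order_srv(records: List[SrvRecord],
              rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Order records as RFC 2782 tells a client to try them.

    Priorities are walked ascending. Within one priority, records are drawn
    one at a time: pick a uniform integer in [0, sum(weights)] and take the
    first record whose running weight sum reaches it, so a record with
    weight w is drawn first with probability about w / sum(weights).
    Weight-0 records sit at the front of the candidate list and are only
    drawn when the random value is 0 (or when nothing else is left).
    """
    rng = rng or random.Random()
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        level = [r for r in records if r.priority == prio]
        level.sort(key=lambda r: r.weight != 0)  # stable: zero-weight first
        while level:
            pick = rng.randint(0, sum(r.weight for r in level))
            running = 0
            for i, r in enumerate(level):
                running += r.weight
                if running >= pick:
                    ordered.append(level.pop(i))
                    break
    return ordered


def connect_with_failover(records: List[SrvRecord],
                          try_connect: Callable[[str, int], bool],
                          rng: Optional[random.Random] = None):
    """Walk the SRV order and stop at the first server that accepts.

    try_connect(host, port) is the caller's connect routine (a real client
    would open the TCP socket and run the SSH handshake here). Returns
    (chosen (host, port) or None, list of (host, port) attempted).
    """
    attempts: List[Tuple[str, int]] = []
    for r in order_srv(records, rng):
        attempts.append((r.target, r.port))
        if try_connect(r.target, r.port):
            return (r.target, r.port), attempts
    return None, attempts


def first_choice_share(records: List[SrvRecord], target: str,
                       trials: int = 4000, seed: int = 0) -> float:
    """Fraction of trials in which `target` is drawn first; shows that the
    weights are honoured (about 0.70 for the 70/30 split above)."""
    rng = random.Random(seed)
    hits = sum(order_srv(records, rng)[0].target == target
               for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    down = {"sshserver1.mydomain.example"}  # simulate one server being down
    chosen, tried = connect_with_failover(
        SAMPLE_TIERED, lambda host, port: host not in down, random.Random(1))
    print("tried:", tried)
    print("connected to:", chosen)
    print("server1 first-choice share:",
          first_choice_share(SAMPLE_TIERED, "sshserver1.mydomain.example"))
```

The `backup` record with priority 20 is only ever reached after both priority-10 servers have refused, which is the "which servers to try (in order) if any server fails" behaviour the thread asks for; with the thread's own three equal "0 110 123" records every server gets roughly a one-third share of first connections.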