On Thu, 18 Feb 2021, James Bottomley wrote:

> > It's still a level of indirection that isn't traditionally used, and
                                                 ^^^^^^^^^^^^
> SRV is used as a requirement by several protocols today. Xmpp simply
                                                    ^^^^^

Do you see it?

> > especially considering name resolution is not just DNS (think
> > /etc/hosts for example).
>
> /etc/host only resolves A and AAAA records, so it would have no impact
> on SRV records at all.

That's part of what makes me nervous. If foo.example.com has an SRV RR
and I add an entry for foo.example.com into /etc/hosts to temporarily
locally redirect it, does that mean the hosts entry will be ignored if
SRV RR usage is enabled?

I can't see where this will end up in anything other than sysadmin
tears.

bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Thorsten Glaser wrote this message on Thu, Feb 18, 2021 at 20:28 +0100:

> On Thu, 18 Feb 2021, James Bottomley wrote:
>
> > > It's still a level of indirection that isn't traditionally used, and
>                                                  ^^^^^^^^^^^^
> > SRV is used as a requirement by several protocols today. Xmpp simply
>                                                     ^^^^^
>
> Do you see it?

SRV records were defined in RFC2782, Feb 2000.

SIP has been documented to use SRV records since June 2002:
https://tools.ietf.org/html/rfc3263

XMPP has preferred using SRV since 2011 (RFC6120):
https://tools.ietf.org/html/rfc6120#section-3.2.1

Just because **YOU** don't use it, doesn't mean that it isn't in wide
deployment and use.

I've been using SRV records for over 10 years now on my own domain:

    date: 2010/11/12 04:12:47; author: jmg; state: Exp; lines: +2 -2
    fix SRV record.. required to point to an A record...

and I've never had any issues with it either... It just works... as
you can tell my initial setup didn't work, but this was a fix to a
commit from 4 minutes earlier when I initially set it up..

> > > especially considering name resolution is not just DNS (think
> > > /etc/hosts for example).
> >
> > /etc/host only resolves A and AAAA records, so it would have no impact
> > on SRV records at all.
>
> That's part of what makes me nervous. If foo.example.com has an SRV RR
> and I add an entry for foo.example.com into /etc/hosts to temporarily
> locally redirect it, does that mean the hosts entry will be ignored if
> SRV RR usage is enabled?
>
> I can't see where this will end up in anything other than sysadmin
> tears.

This is where ssh -v should be explicit and clear where it's getting
the IP address and where it's connecting.

If your system is poorly configured, then yes, there will be issues
w/ it, and options need to be available to detect it, and fix them as
well.

--
John-Mark Gurney                        Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
On Feb 18, 2021, at 11:28 AM, Thorsten Glaser <t.glaser at tarent.de> wrote:

> On Thu, 18 Feb 2021, James Bottomley wrote:
>> /etc/host only resolves A and AAAA records, so it would have no impact
>> on SRV records at all.
>
> That's part of what makes me nervous. If foo.example.com has an SRV RR
> and I add an entry for foo.example.com into /etc/hosts to temporarily
> locally redirect it, does that mean the hosts entry will be ignored if
> SRV RR usage is enabled?
>
> I can't see where this will end up in anything other than sysadmin
> tears.

Keep in mind that SRV records typically point at hostnames, not directly
at IP addresses. In fact, I'm not even sure they are allowed to point at
IPs. So, there will still be a hostname lookup which occurs after the SRV
record lookup, and that could potentially be resolved via /etc/hosts
depending on the local system's resolver configuration.

It's also worth pointing out that one benefit of SRV records is that you
can specify port information in them, if you want clients to use a port
other than the default one of 22, without the need to configure that on
every client.

In my experience, SRV records are not set at the "host" level. They're
typically set at the domain level (e.g. example.com, not foo.example.com),
and they tell you which host(s) under that domain provide the service you
are looking up, along with the port number to connect to on that host. You
can also set a series of possible hosts, with weights for which ones to
prefer.

--
Ron Frederick
ronf at timeheart.net
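
Added example, not part of the thread and not OpenSSH code: a Python model of the lookup order discussed in the messages above, showing which /etc/hosts entries still take effect once SRV lookup is enabled. The SRV owner name `_ssh._tcp.foo.example.com`, the target hosts, all addresses and the "files, then dns" resolver order are constructed assumptions.

```python
import random

# Constructed data, not from the thread. SRV RRset for the assumed owner name
# _ssh._tcp.foo.example.com: (priority, weight, port, target).
SRV = {"foo.example.com": [(10, 60, 2222, "gw1.example.com"),
                           (10, 40, 2222, "gw2.example.com"),
                           (20, 0, 22, "backup.example.com")]}
# Local override file (/etc/hosts style) and the A records DNS would return.
HOSTS = {"foo.example.com": "192.0.2.99", "gw1.example.com": "192.0.2.10"}
DNS_A = {"foo.example.com": "198.51.100.1", "gw1.example.com": "198.51.100.10",
         "gw2.example.com": "198.51.100.20", "backup.example.com": "198.51.100.30"}


def resolve(name):
    """Address lookup in the assumed 'files, then dns' resolver order."""
    if name in HOSTS:
        return HOSTS[name], "hosts"
    return DNS_A[name], "dns"


def order_srv(rrset, rng):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({rr[0] for rr in rrset}):
        # Weight-0 records go first so they are rarely picked ahead of weighted ones.
        group = sorted((rr for rr in rrset if rr[0] == prio), key=lambda rr: rr[1] != 0)
        while group:
            pick = rng.randint(0, sum(rr[1] for rr in group))
            running = 0
            for i, rr in enumerate(group):
                running += rr[1]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered


def candidates(name, use_srv, rng=None):
    """Return (host, port, address, source) tuples in connection order."""
    rng = rng or random.Random()
    if use_srv and name in SRV:
        # The hosts entry for `name` itself is never consulted on this path;
        # only the SRV targets go through the address resolver.
        return [(t, port, *resolve(t)) for _, _, port, t in order_srv(SRV[name], rng)]
    return [(name, 22, *resolve(name))]


if __name__ == "__main__":
    for use_srv in (False, True):
        print(use_srv, candidates("foo.example.com", use_srv))
```

In this model a temporary redirect has to be placed on the SRV target name rather than on the name typed on the command line, and the source field is the kind of detail verbose client output would need to report.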