OpenSSH (ssh or sftp) client support of DNS SRV records

SCOTT FIELDS Scott.Fields at kyndryl.com
Tue May 13 05:27:33 AEST 2025


This was discussed some time ago (SRV lookup support (Bugzilla 2217)), but I'd like to revisit.

I would find value in using a multi-homed SSH/SFTP homed server solution that's not tied to a specific DNS IP address.

Most solutions I'm aware of use a port forwarding load-balancer solution.

And some newer solutions are using DNS based load balancers.

The advantage of using a SRV record solution is you don't have to invest in a port-forwarding solution or even a DNS load balancer and still be able to leverage having multiple redundant SSH servers.

I don't see any follow-up, and I'm not sure if any reason was put forward why it's a bad idea.

The front end code already exists in other products that already leverage this. 'sendmail' is the most obvious example.

AKA,

You have the following SRV records:

_ssh._tcp.<mydomain.com>

_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver1.<mydomain.com>
_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver2.<mydomain.com>
_ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver3.<mydomain.com>

And the client can determine the SSH servers available in the domain, if present and use the load balancing rules to decide which to connect to.

Scott Fields
Kyndryl
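The client-side selection the post describes (look up `_ssh._tcp.<domain>`, then apply the SRV load-balancing rules of RFC 2782) as an added Python illustration; this is not OpenSSH code and not part of the original message. The record set is constructed from the post's example, and the `SrvRecord`, `order_srv_records` and `next_endpoint` names are assumptions.

```python
import random
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    """One SRV RR in RFC 2782 RDATA order: priority, weight, port, target."""
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample set mirroring the three records in the post.
SAMPLE_RECORDS = [
    SrvRecord(0, 110, 123, "sshserver1.mydomain.com"),
    SrvRecord(0, 110, 123, "sshserver2.mydomain.com"),
    SrvRecord(0, 110, 123, "sshserver3.mydomain.com"),
]


def order_srv_records(records: List[SrvRecord], rng=random) -> List[SrvRecord]:
    """Order records as a client should try them (RFC 2782 selection).

    Lower priority values come first; within one priority the next target is
    drawn at random with probability proportional to its weight. A single
    record whose target is "." means the service is explicitly not offered.
    """
    if len(records) == 1 and records[0].target == ".":
        return []
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # RFC 2782: weight-0 records are placed at the front of the candidate list.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)  # uniform in [0, total], inclusive
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= pick:  # first record whose running sum reaches pick
                    ordered.append(rec)
                    pool.remove(rec)
                    break
    return ordered


def next_endpoint(records: List[SrvRecord], rng=random) -> Optional[Tuple[str, int]]:
    """(target, port) to try first, or None when the service is absent.
    The DNS answer is untrusted input: host-key verification of the chosen
    target applies exactly as it does for a directly named host."""
    ordered = order_srv_records(records, rng)
    return (ordered[0].target, ordered[0].port) if ordered else None
```

Because the weighted draw is random, the test below substitutes fixed-value `randint` stand-ins to make the selection order deterministic.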
