OpenSSH (ssh or sftp) client support of DNS SRV records

SCOTT FIELDS Scott.Fields at kyndryl.com
Thu May 15 04:49:43 AEST 2025


And a connection will fail if one of the round-robin servers is down and that's the address given on a resolution, versus SRV entries knowing which servers to try (in order) if any server fails.
________________________________
From: SCOTT FIELDS <Scott.Fields at kyndryl.com>
Sent: Monday, May 12, 2025 2:43 PM
To: Travis Hayes <travis.hayes at gmail.com>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev at mindrot.org>
Subject: Re: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

The problem with DNS round-robin definitions (having an A/AAAA record with multiple addresses) is that you don't have the load preference rules that are associated with SRV records.
________________________________
From: Travis Hayes <travis.hayes at gmail.com>
Sent: Monday, May 12, 2025 2:37 PM
To: SCOTT FIELDS <Scott.Fields at kyndryl.com>
Cc: Herbie via openssh-unix-dev Robinson <openssh-unix-dev at mindrot.org>
Subject: [EXTERNAL] Re: OpenSSH (ssh or sftp) client support of DNS SRV records

> On May 12, 2025, at 13:29, SCOTT FIELDS via openssh-unix-dev <openssh-unix-dev at mindrot.org> wrote:
>
> This was discussed some time ago (SRV lookup support (Bugzilla 2217)), but I'd like to revisit.
>
> I would find value in using a multi-homed SSH/SFTP server solution that's not tied to a specific DNS IP address.
>
> Most solutions I'm aware of use a port forwarding load-balancer solution.
>
> And some newer solutions are using DNS based load balancers.
>
> The advantage of using an SRV record solution is that you don't have to invest in a port-forwarding solution or even a DNS load balancer, and can still leverage having multiple redundant SSH servers.
>
> I don't see any follow-up, and I'm not sure if any reason was put forward as to why it's a bad idea.
>
> The front-end code already exists in other products that leverage this. 'sendmail' is the most obvious example.
>
> AKA,
>
> You have the following SRV records:
>
> _ssh._tcp.<mydomain.com>
>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver1.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver2.<mydomain.com>
> _ssh._tcp.<mydomain.com> has SRV record 0 110 123 sshserver3.<mydomain.com>
>
> And the client can determine the SSH servers available in the domain, if present and use the load balancing rules to decide which to connect to.
>
> Scott Fields
> Kyndryl
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev 

Would your use case be specifically for SRV records, or would A or AAAA records with multiple IPs satisfy it?

I’m not sure how this would be useful to me, but I do see how a cluster of SFTP servers might…
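Added example (not code from the thread, from OpenSSH, or from sendmail): the RFC 2782 client-side selection the thread is asking for, followed by the in-order failover that distinguishes it from a round-robin A/AAAA answer. The thread's own sample gives all three servers the same priority and weight, in which case the algorithm reduces to a random order among equals; the constructed record set here uses differing priorities and weights so the preference rules are visible. No DNS query is issued: the records, the example.com hostnames, and the simulated connect function (which pretends sshserver1 is down) are all made up for the demonstration.

```python
"""RFC 2782 SRV target selection with failover, as an SSH client that did
SRV lookups would need to perform it.

Constructed example: the zone data below is made up and no DNS query is
issued; a real client would obtain the records by resolving _ssh._tcp.<domain>.
"""
import random
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower values are tried first
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # server hostname; a lone "." means "no service here"


def srv_name(service: str, proto: str, domain: str) -> str:
    """Build the RFC 2782 owner name, e.g. _ssh._tcp.example.com."""
    return f"_{service}._{proto}.{domain}"


# Constructed answer set for _ssh._tcp.example.com (not a real zone).
SAMPLE_SRV = [
    SrvRecord(priority=10, weight=50, port=22, target="sshserver3.example.com"),
    SrvRecord(priority=0, weight=70, port=22, target="sshserver1.example.com"),
    SrvRecord(priority=0, weight=30, port=22, target="sshserver2.example.com"),
    SrvRecord(priority=10, weight=0, port=2222, target="sshserver4.example.com"),
]


def rfc2782_order(records: Iterable[SrvRecord], seed: Optional[int] = None) -> List[SrvRecord]:
    """Return the records in the order a client should try them.

    Lower priority values come first. Within one priority the RFC 2782 weight
    procedure is applied: weight-0 records go to the front, a running sum of
    weights is computed, and a uniform random number in [0, sum] selects the
    first record whose running sum reaches it. The chosen record is removed
    and the step repeats, giving a weighted ordering rather than a single pick.
    """
    rng = random.Random(seed)
    records = list(records)
    # RFC 2782: a single record whose target is "." means the service is
    # explicitly not offered at this name; the client must not try anything.
    if len(records) == 1 and records[0].target == ".":
        return []

    by_priority = {}
    for r in records:
        by_priority.setdefault(r.priority, []).append(r)

    ordered = []
    for prio in sorted(by_priority):
        remaining = by_priority[prio]
        while remaining:
            # Stable sort: relative order is kept, weight-0 records move first.
            remaining.sort(key=lambda r: r.weight != 0)
            total = sum(r.weight for r in remaining)
            pick = rng.randint(0, total)
            running = 0
            for r in remaining:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    remaining.remove(r)
                    break
    return ordered


def connect_with_fallback(ordered: List[SrvRecord],
                          try_connect: Callable[[str, int], bool]) -> SrvRecord:
    """Walk the ordered list and return the first target that accepts a
    connection, i.e. the failover behaviour a single round-robin address lacks.

    Whatever is returned, the caller must still verify the chosen host's key
    (known_hosts entry or CA-signed host key): an SRV answer is unauthenticated
    unless DNSSEC-validated, so a forged answer can steer the client to any
    host, and host key verification is what stops that from becoming a MITM.
    """
    tried = []
    for r in ordered:
        if try_connect(r.target, r.port):
            return r
        tried.append(f"{r.target}:{r.port}")
    raise ConnectionError("no SRV target reachable; tried " + ", ".join(tried))


# Constructed failure scenario: pretend the most-preferred server is down.
DOWN_HOSTS = {"sshserver1.example.com"}


def simulated_connect(target: str, port: int) -> bool:
    """Stand-in for a TCP connect plus SSH banner exchange; no network is used."""
    return target not in DOWN_HOSTS


if __name__ == "__main__":
    order = rfc2782_order(SAMPLE_SRV, seed=1)
    print("try order:", [f"{r.target}:{r.port}" for r in order])
    chosen = connect_with_fallback(order, simulated_connect)
    print("connected to:", chosen.target, chosen.port)
```

With the constructed data, sshserver1 and sshserver2 (priority 0) are always attempted before sshserver3 and sshserver4 (priority 10), sshserver1 is placed first roughly 70% of the time because of its weight, and since the simulation marks sshserver1 as down the client lands on sshserver2 rather than failing outright, which is the point made at the top of the thread about round-robin answers.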

