On Feb 18, 2021, at 11:28 AM, Thorsten Glaser <t.glaser@xxxxxxxxx> wrote:
> On Thu, 18 Feb 2021, James Bottomley wrote:
>> /etc/host only resolves A and AAAA records, so it would have no impact
>> on SRV records at all.
>
> That’s part of what makes me nervous. If foo.example.com has an SRV RR
> and I add an entry for foo.example.com into /etc/hosts to temporarily
> locally redirect it, does that mean the hosts entry will be ignored if
> SRV RR usage is enabled?
>
> I can’t see where this will end up in anything other than sysadmin
> tears.

Keep in mind that SRV records typically point at hostnames, not directly at IP addresses. In fact, I’m not even sure they are allowed to point at IPs. So, there will still be a hostname lookup which occurs after the SRV record lookup, and that could potentially be resolved via /etc/hosts depending on the local system’s resolver configuration.

It’s also worth pointing out that one benefit of SRV records is that you can specify port information in them, if you want clients to use a port other than the default one of 22, without the need to configure that on every client.

In my experience, SRV records are not set at the “host” level. They’re typically set at the domain level (e.g. example.com, not foo.example.com), and they tell you which host(s) under that domain provide the service you are looking up, along with the port number to connect to on that host. You can also set a series of possible hosts, with weights for which ones to prefer.

--
Ron Frederick
ronf@xxxxxxxxxxxxx

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
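
The lookup order described in the reply above, as an added example that is not part of the original message and is not OpenSSH code: a small model of SRV-then-hostname resolution showing which /etc/hosts entries can take effect. The zone data, hosts entries, ports and function names are constructed, and it assumes a resolver that consults the hosts file before DNS.

```python
import random

# Constructed sample data (not from the thread): hosts(5) text and DNS zone contents.
HOSTS_TEXT = """\
127.0.0.1   localhost
# temporary local redirects
192.0.2.99  example.com        # not used: the SRV query name is _ssh._tcp.example.com
192.0.2.50  ssh1.example.com   # used: ssh1 is an SRV target, looked up afterwards
"""
SRV = {"_ssh._tcp.example.com": [  # (priority, weight, port, target)
    (10, 60, 2222, "ssh1.example.com"),
    (10, 40, 2222, "ssh2.example.com"),
    (20, 0, 22, "backup.example.com"),
]}
DNS_A = {"ssh1.example.com": "198.51.100.1", "ssh2.example.com": "198.51.100.2",
         "backup.example.com": "198.51.100.3"}

def parse_hosts(text):
    """Map every name and alias in hosts(5)-format text to its address; first entry wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def order_srv(records, rng):
    """Lowest priority first; weighted random order within a priority (approximates RFC 2782)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        pool = [r for r in records if r[0] == prio]
        while pool:
            # +1 keeps weight-0 records selectable and avoids an all-zero weight list.
            pick = rng.choices(pool, weights=[r[1] + 1 for r in pool])[0]
            pool.remove(pick)
            ordered.append(pick)
    return ordered

def resolve_service(domain, hosts, rng, service="_ssh._tcp"):
    """Return (target, port, address, source) candidates in connection order."""
    out = []
    for _prio, _weight, port, target in order_srv(SRV.get(f"{service}.{domain}", []), rng):
        name = target.lower()
        source = "hosts" if name in hosts else "dns"  # assumed order: hosts file, then DNS
        out.append((target, port, hosts.get(name) or DNS_A[name], source))
    return out

if __name__ == "__main__":
    for row in resolve_service("example.com", parse_hosts(HOSTS_TEXT), random.Random(0)):
        print(row)
```

In this model the hosts entry for the service domain itself never appears in the results, while the entry for an SRV target overrides that target's DNS address.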