DNS SRV record support
Posted: Wed Aug 28, 2013 10:51 pm
Is there currently support for a DNS SRV record? I did some testing and it didn't appear so. Can anyone confirm that?
So if there isn't, can we get SRV record support added for OpenVPN?
OpenVPN would need to do a query for something like:
_openvpn._tcp.host.example.com
The proto and host name part of the query can be collected from the .conf file. Specifically the proto and remote statements.
Adding this functionality would have a lot of advantages:
It would allow for a "load balanced" and HA cluster by taking advantage of the weight and priority values of the SRV records returned from DNS.
It would also reduce the need to define multiple remote hosts in a client.conf file. As an administrator I could add/remove/move OpenVPN servers and not have to update all the client.conf files with the changes. All I would have to do is update DNS. The client would continue to query the same remote defined in the .conf and DNS would return the updated information.
There would obviously need to be some sort of fall-through mechanism. If the SRV query failed then do a standard A record query for the host name of the remote server.
I know it seems like if you only have 1 or 2 servers it's not a difficult thing to manage. The problem is I have 40+ servers and 9500+ remote clients. Trying to touch each one of those is a challenge. So just from a change management perspective it's difficult. I also have a load balancing challenge. Even though you can specify a random order to try and use the remote hosts defined in the .conf, it's just that, random. If I had the ability to look up via an SRV record I could take advantage of the weight values in the SRV record and get better distribution of clients across the servers.
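The lookup, weighting and fall-through requested in the post above, as an added example (not part of the original post and not OpenVPN code). It assumes the client orders answers as RFC 2782 describes; the function names and the sample records are hypothetical, and the DNS answer is passed in as a list so the block runs offline.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample answer for _openvpn._udp.vpn.example.com
SAMPLE = [SRV(20, 0, 1194, "backup.example.com."),
          SRV(10, 60, 1194, "vpn1.example.com."),
          SRV(10, 30, 1194, "vpn2.example.com."),
          SRV(10, 10, 443, "vpn3.example.com.")]

def srv_qname(proto, remote, service="openvpn"):
    """Build the query name from the client's proto and remote settings."""
    base = proto.split("-")[0].rstrip("46")  # tcp-client, udp6 -> tcp, udp
    return f"_{service}._{base}.{remote.rstrip('.')}"

def order_srv(records, rng=random):
    """Lowest priority value first; weighted random order within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records are placed first so they keep a small chance.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def candidates(remote, port, srv_answer, rng=random):
    """Return (host, port) pairs to try in order. An empty answer (failed or
    missing SRV lookup) falls through to the configured remote and port."""
    if not srv_answer:
        return [(remote, port)]
    return [(r.target.rstrip("."), r.port) for r in order_srv(srv_answer, rng)]

if __name__ == "__main__":
    print(srv_qname("udp", "vpn.example.com"))
    print(candidates("vpn.example.com", 1194, SAMPLE))
    print(candidates("vpn.example.com", 1194, []))
```

With these weights roughly 60% of clients try vpn1 first, and the priority 20 record is only reached after every priority 10 target has been tried.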