Currently cloaking returns multiple records in random order: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_cloak.go#L312
This is generally not how public DNS resolvers behave (with 1 exception, that Cloudflare will do this if there are multiple proxied (!) records, it will randomly select 2 and return those in random order https://developers.cloudflare.com/dns/manage-dns-records/how-to/round-robin-dns/) and has unintended side-effects, since generally tools will try the IPs in the provided order. Due to the randomization, it's not possible anymore to provide a basic fallback mechanism. e.g. first always try the first IP, if that fails connect to the 2nd (which is a fallback server),... for example with SSH.
A practical use case is for example where the first IP is a local IP and the 2nd a remote IP - if the resource is available locally, connect to that, otherwise go to the remote server.
Possibly the easiest (and least breaking) and most consistent change would be to do what forwarding does:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Forwarding
Multiple comma-separated IP addresses can be specified:
example.com 192.168.2.1,192.168.2.2
They will be tried in random order.
For cloaking it currently is 1 IP per line that will be tried in random order:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Cloaking
For load-balancing, multiple IP addresses of the same class can also be provided using the same format, one pair per line:
server 192.168.100.55
server 192.168.100.56
With this change implemented, this would mean:
Multiple comma-separated IP addresses can be specified for load-balancing. They will all be returned in random order:
server 192.168.100.55,192.168.100.56
Multiple IP addresses of the same class can also be provided using the same format, one pair per line. They will all be returned in the specified order:
server 192.168.100.55
server 192.168.100.56
Currently cloaking returns multiple records in random order: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_cloak.go#L312
This is generally not how public DNS resolvers behave (with 1 exception, that Cloudflare will do this if there are multiple proxied (!) records, it will randomly select 2 and return those in random order https://developers.cloudflare.com/dns/manage-dns-records/how-to/round-robin-dns/) and has unintended side-effects, since generally tools will try the IPs in the provided order. Due to the randomization, it's not possible anymore to provide a basic fallback mechanism. e.g. first always try the first IP, if that fails connect to the 2nd (which is a fallback server),... for example with SSH.
A practical use case is for example where the first IP is a local IP and the 2nd a remote IP - if the resource is available locally, connect to that, otherwise go to the remote server.
Possibly the easiest (and least breaking) and most consistent change would be to do what forwarding does:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Forwarding
For cloaking it currently is 1 IP per line that will be tried in random order:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Cloaking
With this change implemented, this would mean: