[27831] in Kerberos
Correct DNS Behavior
daemon@ATHENA.MIT.EDU (Michael B Allen)
Thu May 31 12:31:44 2007
Date: Thu, 31 May 2007 12:31:05 -0400
From: Michael B Allen <mba2000@ioplex.com>
To: Kerberos <Kerberos@mit.edu>
Message-Id: <20070531123105.4b0cb555.mba2000@ioplex.com>

Dear all,

My code can't find the KDC on a particular customer's network. The
problem is DNS.

The DNS communication looks like the following:

  C: SRV _kerberos._udp.EXAMPLE.COM
  S: No such name
  C: SRV _kerberos._tcp.EXAMPLE.COM
  S: 3 answer records:
       krb1.EXAMPLE.COM
       krb2.EXAMPLE.COM
       krb3.EXAMPLE.COM
     1 authority:
       dns2.EXAMPLE.COM
     1 additional:
       A dns2.EXAMPLE.COM 1.2.3.4
  C: A krb2.EXAMPLE.COM
  S: No such name
  C: A krb3.EXAMPLE.COM
  S: No such name
  C: A krb1.EXAMPLE.COM
  S: No such name

Then the client gives up.

[All queries have recursion desired on. The exact dialog involves a
larger number of hosts and of course the names have been changed but I
believe the normalized dialog above accurately represents the problem.]

I want to fix this but I don't know what the correct behavior is in
this scenario.

Can someone tell me why this failed and what the correct behavior should be?

My feeling is that the client is responsible and that it should
simply repeat the query against the authority dns2.EXAMPLE.COM.

Thoughts?

Mike
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
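
The lookup sequence in the message above, replayed against a constructed in-memory response table, as an added example that is not part of the original post or of any Kerberos implementation. The names `DIALOG`, `query` and `locate_kdc` are hypothetical; the host names and 1.2.3.4 are the post's own placeholders. It reports which SRV targets have no resolvable address, the point at which the client in the dialog gives up.

```python
# Constructed response table mirroring the dialog in the post; None = "No such name".
DIALOG = {
    ("SRV", "_kerberos._udp.EXAMPLE.COM"): None,
    ("SRV", "_kerberos._tcp.EXAMPLE.COM"): {
        "answer": ["krb1.EXAMPLE.COM", "krb2.EXAMPLE.COM", "krb3.EXAMPLE.COM"],
        "authority": ["dns2.EXAMPLE.COM"],
        "additional": {"dns2.EXAMPLE.COM": "1.2.3.4"},
    },
    ("A", "krb1.EXAMPLE.COM"): None,
    ("A", "krb2.EXAMPLE.COM"): None,
    ("A", "krb3.EXAMPLE.COM"): None,
}


def query(table, qtype, qname, log):
    """Look up one (type, name) pair in the table and record the exchange."""
    resp = table.get((qtype, qname))
    log.append(f"C: {qtype} {qname}")
    log.append("S: No such name" if resp is None
               else f"S: {len(resp['answer'])} answer record(s)")
    return resp


def locate_kdc(realm, table):
    """Replay SRV-then-A discovery; return what resolved and what did not."""
    result = {"kdcs": [], "unresolved": [], "log": []}
    for proto in ("udp", "tcp"):
        srv = query(table, "SRV", f"_kerberos._{proto}.{realm}", result["log"])
        if srv is None:
            continue  # no SRV set for this transport, try the next one
        for target in srv["answer"]:
            # An address may arrive in the additional section of the SRV response.
            addr = srv["additional"].get(target)
            if addr is None:
                a = query(table, "A", target, result["log"])
                addr = a["answer"][0] if a else None
            if addr is None:
                result["unresolved"].append(target)
            else:
                result["kdcs"].append((proto, target, addr))
    return result


if __name__ == "__main__":
    outcome = locate_kdc("EXAMPLE.COM", DIALOG)
    print("\n".join(outcome["log"]))
    print("usable KDCs:", outcome["kdcs"])
    print("SRV targets with no address:", outcome["unresolved"])
```

The A lookups run in answer order here rather than the krb2, krb3, krb1 order of the capture; the outcome is the same because every target returns "No such name".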