[27840] in Kerberos
Re: Correct DNS Behavior
daemon@ATHENA.MIT.EDU (Daniel Kahn Gillmor)
Thu May 31 23:30:43 2007
From: Daniel Kahn Gillmor <dkg-mit.edu@fifthhorseman.net>
To: Kerberos <Kerberos@mit.edu>
Date: Thu, 31 May 2007 19:59:25 -0400
In-Reply-To: <20070531171056.372fc53f.mba2000@ioplex.com> (Michael B. Allen's
message of "Thu, 31 May 2007 17:10:56 -0400")
Message-ID: <87lkf4k0iq.fsf@squeak.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu 2007-05-31 17:10:56 -0400, Michael B Allen wrote:
> I don't understand how a DNS server can answer an SRV record and not
> be able to resolve the names it returns. We're either using a bad
> DNS server or it must expect the client to recur on authority
> records 3 levels deep.
An SRV record only maps a DNS resource name (like
_kerberos._udp.example.com) to a (hostname, port, weight) tuple.
There's no expectation that the nameserver which authoritatively
provides the SRV record must also authoritatively provide the A record
for the hostname contained in the SRV record.
--dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFGX2FZiXTlFKVLY2URAv5RAKCe23Y76x1xh7Q/FLq8eOMa4Pf/ZACffDEi
yvzZ5nXiKT8eae7LRAKOxvE=
=6kr7
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
