[38742] in Kerberos


Re: rdns, past and future

daemon@ATHENA.MIT.EDU (Ken Dreyer)
Tue May 26 18:18:33 2020

In-Reply-To: <e995ee2d-d6f1-e896-fef4-16c80ff35b1e@mit.edu>
From: Ken Dreyer <ktdreyer@ktdreyer.com>
Date: Tue, 26 May 2020 16:15:51 -0600
Message-ID: <CAD3FbMVK3HTR5ae6xLCP1X=W-rfQk6T=p8ntt8ZkKdtbCdC-KA@mail.gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu

On Tue, May 26, 2020 at 3:56 PM Greg Hudson <ghudson@mit.edu> wrote:
> On 5/26/20 5:09 PM, Ken Dreyer wrote:
> > In public cloud environments or Kubernetes environments, PTR records
> > are difficult or impossible for administrators to set. We increasingly
> > have to tell users to set "rdns = fallback" or "rdns = false".
>
> Note that dns_canonicalize_hostname and rdns are separate settings.
> dns_canonicalize_hostname supports "fallback", but rdns only supports
> true or false (and only takes effect when DNS canonicalization happens).

My bad, you're right. I meant dns_canonicalize_hostname=fallback.

I've found some public cloud providers with some very weird PTR
records for IP addresses that they hand out. These records are worse
than NXDOMAIN, and I was confused to see these in my logs.

- Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
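
The distinction drawn in the quoted reply above (dns_canonicalize_hostname accepts "fallback", while rdns is a plain boolean that only matters when DNS canonicalization happens) can be checked mechanically. The following is an added example, not part of the original thread or of MIT krb5; the function names, the accepted boolean spellings, the assumed defaults of "true" and the sample configuration are assumptions made for the illustration.

```python
import re

# Assumption: boolean spellings accepted in krb5.conf.
TRUE = {"true", "yes", "y", "t", "1", "on"}
FALSE = {"false", "no", "n", "nil", "0", "off"}

def libdefaults(text):
    """Return key -> value for the [libdefaults] section of krb5.conf text."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip().strip('"').lower()
    return found

def audit(text):
    """Return findings about the hostname canonicalization settings."""
    conf = libdefaults(text)
    # Assumption: both settings default to true when absent.
    canon = conf.get("dns_canonicalize_hostname", "true")
    rdns = conf.get("rdns", "true")
    findings = []
    if canon not in TRUE | FALSE | {"fallback"}:
        findings.append(f"dns_canonicalize_hostname: unsupported value '{canon}'")
    if rdns not in TRUE | FALSE:
        findings.append(f"rdns: unsupported value '{rdns}' (only true or false)")
    elif canon in FALSE and "rdns" in conf:
        findings.append("rdns: no effect, DNS canonicalization is disabled")
    elif rdns in TRUE and canon not in FALSE:
        findings.append("rdns: PTR records can change the service hostname")
    return findings

# Constructed sample: the setting mix-up corrected in the thread.
SAMPLE = """
[libdefaults]
    default_realm = EXAMPLE.COM
    rdns = fallback
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```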
