[38836] in Kerberos
Re: Selective kdc discovery
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Nov 5 02:42:42 2020
To: "Paul B. Henson" <henson@acm.org>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <1b4619a5-6274-7f66-0ce6-c12acb98779f@mit.edu>
Date: Thu, 5 Nov 2020 02:39:54 -0500
MIME-Version: 1.0
In-Reply-To: <20201105055339.GL6726@zaphod.pbhware.com>
Content-Language: en-US
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/5/20 12:53 AM, Paul B. Henson wrote:
> We're currently using DNS SRV records and all of our kdc's seems to have
> fairly equal load. Are DNS SRV records handled differently in terms of
> distributing load, or is that just a side effect of the resolver handing
> them back in a different order for each lookup?
SRV records contain a priority and a weight. The MIT krb5
implementation orders the records by priority and ignores the weight.
If all records have the same priority, we don't randomize the order, but
the DNS resolver will typically will.
(Heimdal actually uses the weight fields, so that part varies by
implementation.)
> There's no mechanism for load balancing when using file based
> kdc configuration?
Correct.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
