[20416] in Kerberos_V5_Development
Re: Behaviour around _kerberos-master._tcp
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Mar 10 11:11:25 2023
Message-ID: <0a333eba-c9f1-0347-fc84-fb045e325175@mit.edu>
Date: Fri, 10 Mar 2023 11:05:56 -0500
MIME-Version: 1.0
Content-Language: en-US
To: Tushar Prasad <Tushar.Prasad@ibm.com>, "krbdev@mit.edu" <krbdev@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <MN2PR15MB3215BB6D3D60D5FEFFD9FB6FE1BA9@MN2PR15MB3215.namprd15.prod.outlook.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: krbdev-bounces@mit.edu
On 3/9/23 21:14, Tushar Prasad via krbdev wrote:
> When that needs to be done, _kerberos-master._tcp DNS query seems to be sent at everything a token request is made
>
> Is it as per design?
This is a known efficiency bug:
https://krbdev.mit.edu/rt/Ticket/Display.html?id=7721
https://krbdev.mit.edu/rt/Ticket/Display.html?id=6782
I will see what I can do about resolving the primary KDC only when
needed, but can't make any guarantees for the short term. For the
moment the only workarounds are the configuration ones you've probably
already considered (changing krb5.conf or using a local DNS resolver
with negative caching).
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
