Well yes. I have encountered some problems with this. I am using Kerberos in my company LAN. While performing kinit on my system, the SRV record for _kerberos-master.udp.EXAMPLE.COM is looked up. Now if an NXDOMAIN is not returned but instead the default port 1 with empty host is returned, the kinit command tries to further resolve that empty host (which I think is replaced with <ROOT> somehow) and this causes an extreme slowdown of kinit.

I think there should be some configuration option to say that an NXDOMAIN should be returned for a particular SRV record. This would be really helpful. What are your thoughts about this?

Simon Kelley wrote:
Rahul Amaram wrote:
Hi,
I think I have found a bug in dnsmasq though I am not sure if this is
the anticipated way it works. In /etc/dnsmasq.conf, it is mentioned:

# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com

which means when a query for this record is made it is supposed to send
an NXDOMAIN reply but this does not happen.

I am attaching a patch which makes it behave this way. Kindly review it
and let me know if I have misinterpreted something.

Looking forward to an early reply.


I think you have mis-interpreted the way this works. NXDOMAIN means that
there is no data in the DNS for the given domain. That is not what's
happening here. The example line returns a valid SRV record for
_ldap._tcp.example.com which happens to be empty. The "domain" refers to
_ldap._tcp.example.com and not the domain which may be returned as part
of the reply.


Have you encountered real-world problems with the existing behaviour?


Cheers,

Simon.
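
The distinction discussed in this thread, seen from the resolver client's side, as an added example that is not part of the original messages and is not dnsmasq or Kerberos code: it parses an SRV reply and separates NXDOMAIN, an empty SRV record (root target "."), and usable targets, so a client can stop instead of trying to resolve the empty host. The function names, the sample query name and the constructed replies (priority and weight 0, TTL 60) are assumptions; port 1 with an empty host is the case described above.

```python
import struct
SRV, NXDOMAIN = 33, 3  # RR type SRV, RCODE NXDOMAIN

def encode_name(name):
    """Dotted name to DNS wire format; "." (root) becomes one zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (dotted name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels) or ".", (off + 1 if end is None else end)

def classify_srv_reply(msg):
    """Return (verdict, targets); verdict is nxdomain, no-service, nodata or targets."""
    _id, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if flags & 0x000F == NXDOMAIN:
        return "nxdomain", []
    off, srv = 12, []
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:  # RDATA: priority, weight, port, target
            srv.append((read_name(msg, off + 6)[0], int.from_bytes(msg[off + 4:off + 6], "big")))
        off += rdlen
    targets = [(h, p) for h, p in srv if h != "."]  # RFC 2782: "." = service not available
    verdict = "targets" if targets else "no-service" if srv else "nodata"
    return verdict, targets

def build_reply(qname, rcode, answers):
    """Constructed sample reply; answers holds (priority, weight, port, target)."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", SRV, 1)
    for prio, weight, port, target in answers:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SRV, 1, 60, len(rdata)) + rdata
    return msg
```

A client that receives the "no-service" verdict has its answer already and has no host left to look up.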

