> On Jul 25, 2017, at 6:30 PM, Roland C. Dowdeswell
> <roland.dowdesw...@twosigma.com> wrote:
>
> And there are no KDCs configured in /etc/krb5.conf for the realm that
> you are querying, you will use DNS SRV RRs. And, we think that once you
> have retrieved hostnames from DNS SRV RRs that they should be looked up
> only in DNS and not subjected to search lists and the like.

I’ll grant that this is a level of detail which standards don’t address, and where consensus may legitimately be impossible.

FWIW my opinion is that an SA responsible for deploying/testing a machine may know nothing about krb5 config files, but need to point at a different infrastructure. For the scenario you describe where RRs are necessary, the poor SA will be very surprised if his entries in /etc/hosts are ignored. He will be especially surprised if the OS has an nsswitch.conf and he has put hosts before DNS. (I might even have run into a scenario like that on Solaris 9, but I never completely debugged it so I’m not sure.)

----

I assume you at least have code in there to sort the RR entries by priority/weight before using the optimistically-provided A/AAAA records.

Personal email. hbh...@oxy.edu
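
The priority/weight ordering mentioned in the message above, as an added example that is not part of the original thread or of any Kerberos implementation's code. It follows the RFC 2782 selection rule; the record values, host names and the `order_srv` helper are constructed for illustration.

```python
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample answer for a _kerberos._udp.<realm> query; names are placeholders.
SAMPLE = [
    SRV(10, 0, 88, "kdc3.example.test."),
    SRV(0, 60, 88, "kdc1.example.test."),
    SRV(0, 40, 88, "kdc2.example.test."),
    SRV(10, 5, 88, "kdc4.example.test."),
]


def order_srv(records, rng=None):
    """Return SRV records in the order a client should try them (RFC 2782).

    Lower priority values are tried first. Within one priority, records are
    drawn at random with probability proportional to weight, so a weight of
    60 is picked ahead of a weight of 40 roughly 60% of the time.
    """
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go to the front of the pool so they keep a small
        # chance of selection, as the RFC specifies.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    # First record whose running sum reaches the draw wins.
                    ordered.append(pool.pop(i))
                    break
    return ordered


if __name__ == "__main__":
    for rec in order_srv(SAMPLE):
        print(rec.priority, rec.weight, rec.port, rec.target)
```

Only after this ordering is fixed should any A/AAAA records from the additional section be matched to the targets, so that a low-priority KDC is not contacted first merely because its address arrived with the answer.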