> On Jul 26, 2017, at 4:12 PM, Viktor Dukhovni <viktor.dukho...@twosigma.com> wrote:
>
>> The RR is guaranteed to return a name which has an A/AAAA record.
>
> It is not. SRV RRs can and sometimes do reference names that don't exist.
> Ditto with MX records, ... Even when the name exists a lookup can
> time out.

Per RFC 2782:

   Target
        The domain name of the target host. There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181). Implementors are urged, but
        not required, to return the address record(s) in the Additional
        Data section. Unless and until permitted by future standards
        action, name compression is not to be used for this field.

My interpretation of this matches what I said.

Nit picking aside, obviously Heimdal should be robust to incorrect DNS configuration where possible. However, if it winds up having to do a search because DNS is incorrectly configured, that strikes me as better than failing outright.

I guess I’m back to not understanding what the problem is. If the SRV RR is right, then it’s moot. If the record is wrong, then we’re off the reservation and it’s just a question of whether there is anything plausible we can do that will address the most likely failures.

Personal email. hbh...@oxy.edu
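
An added example, not part of the original message and not Heimdal code: a client-side check that walks SRV targets in priority order, keeps those with address records, and records why the others were skipped (no address record, alias, or timeout), the failure cases raised in this exchange. The zone data, host names and the `lookup` stub are constructed for illustration; RFC 2782 weighted selection within a priority is omitted.

```python
from enum import Enum

class Status(Enum):
    OK = "ok"
    NO_ADDRESS = "no address record"   # name missing or no A/AAAA
    ALIAS = "target is a CNAME"        # forbidden by RFC 2782
    TIMEOUT = "lookup timed out"

# Constructed sample zone (assumption, not from the thread).
ZONE = {
    "kdc1.example.test.": {"A": ["192.0.2.10"]},
    "kdc2.example.test.": {"CNAME": ["kdc1.example.test."]},
    "kdc4.example.test.": TimeoutError,  # simulates an unresponsive server
}

# Constructed SRV RRset: (priority, weight, port, target).
SRV = [
    (0, 100, 88, "kdc3.example.test."),   # target does not exist
    (0, 100, 88, "kdc2.example.test."),   # target is an alias
    (10, 100, 88, "kdc4.example.test."),  # lookup times out
    (20, 100, 88, "kdc1.example.test."),  # correctly configured
]

def lookup(name):
    """Hypothetical stub resolver over ZONE: returns (Status, addresses)."""
    entry = ZONE.get(name)
    if entry is None:
        return Status.NO_ADDRESS, []
    if entry is TimeoutError:
        return Status.TIMEOUT, []
    if "CNAME" in entry:
        return Status.ALIAS, []
    addrs = entry.get("A", []) + entry.get("AAAA", [])
    return (Status.OK, addrs) if addrs else (Status.NO_ADDRESS, [])

def usable_targets(srv_rrs, resolve=lookup):
    """Return (usable, skipped): endpoints to try, and targets that failed with the reason."""
    usable, skipped = [], []
    for _prio, _weight, port, target in sorted(srv_rrs, key=lambda rr: rr[0]):
        status, addrs = resolve(target)
        if status is Status.OK:
            usable.extend((addr, port) for addr in addrs)
        else:
            skipped.append((target, status))  # keep the reason for logging
    return usable, skipped

if __name__ == "__main__":
    endpoints, problems = usable_targets(SRV)
    print(endpoints)
    for target, why in problems:
        print(f"skipped {target}: {why.value}")
```

An empty `usable` list is the point at which a caller has to decide between failing and trying some other way of locating the service.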