> On Jul 26, 2017, at 4:12 PM, Viktor Dukhovni <viktor.dukho...@twosigma.com> wrote:
> 
>> The RR is guaranteed to return a name which has an A/AAAA record.
> 
> It is not.  SRV RRs can and sometimes do reference names that don't exist.
> Ditto with MX records, ...  Even when the name exists a lookup can
> time out.

Per RFC 2782:

   Target
        The domain name of the target host.  There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181).  Implementors are urged, but
        not required, to return the address record(s) in the Additional
        Data section.  Unless and until permitted by future standards
        action, name compression is not to be used for this field.

My interpretation of this matches what I said. Nitpicking aside, obviously 
Heimdal should be robust to incorrect DNS configuration where possible. 
However, if it winds up having to do a search because DNS is incorrectly 
configured, that strikes me as better than failing outright.

I guess I’m back to not understanding what the problem is. If the SRV RR is 
right, then it’s moot. If the record is wrong, then we’re off the reservation 
and it’s just a question of whether there is anything plausible we can do that 
will address the most likely failures.

Personal email.  hbh...@oxy.edu


