Correct DNS Behavior

Michael B Allen mba2000 at ioplex.com
Thu May 31 12:31:05 EDT 2007


Dear all,

My code can't find the KDC on a particular customer's network. The
problem is DNS.

The DNS communication looks like the following:

C: SRV _kerberos._udp.EXAMPLE.COM
S: No such name
C: SRV _kerberos._tcp.EXAMPLE.COM
S: 3 answer records:
     krb1.EXAMPLE.COM
     krb2.EXAMPLE.COM
     krb3.EXAMPLE.COM
   1 authority:
     dns2.EXAMPLE.COM
   1 additional:
     A dns2.EXAMPLE.COM 1.2.3.4
C: A krb2.EXAMPLE.COM
S: No such name
C: A krb3.EXAMPLE.COM
S: No such name
C: A krb1.EXAMPLE.COM
S: No such name

Then the client gives up.

[All queries have recursion desired on. The exact dialog involves a
larger number of hosts and of course the names have been changed but I
believe the normalized dialog above accurately represents the problem.]

I want to fix this but I don't know what the correct behavior is in
this scenario.

Can someone tell me why this failed and what the correct behavior should be?

My feeling is that the client is responsible and that it should
simply repeat the query against the authority dns2.EXAMPLE.COM.

Thoughts?

Mike
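
The exchange described above, replayed as an added example that is not part of the original post: it walks the same SRV-then-A lookup sequence over a constructed in-memory table of the responses shown and reports which stage of KDC discovery fails. The function names and result labels are hypothetical, and the table is constructed from the post's normalized names.

```python
NXDOMAIN = "No such name"

# Constructed replay table built from the dialog in the post:
# (query type, query name) -> server response.
RESPONSES = {
    ("SRV", "_kerberos._udp.EXAMPLE.COM"): NXDOMAIN,
    ("SRV", "_kerberos._tcp.EXAMPLE.COM"): {
        "answer": ["krb1.EXAMPLE.COM", "krb2.EXAMPLE.COM", "krb3.EXAMPLE.COM"],
        "authority": ["dns2.EXAMPLE.COM"],
        "additional": {"dns2.EXAMPLE.COM": "1.2.3.4"},
    },
    ("A", "krb1.EXAMPLE.COM"): NXDOMAIN,
    ("A", "krb2.EXAMPLE.COM"): NXDOMAIN,
    ("A", "krb3.EXAMPLE.COM"): NXDOMAIN,
}


def locate_kdc(realm, table):
    """Replay SRV-then-A discovery. Returns (resolved, unresolved) where
    resolved maps SRV target -> address and unresolved lists dead targets."""
    resolved, unresolved = {}, []
    for proto in ("udp", "tcp"):
        srv = table.get(("SRV", f"_kerberos._{proto}.{realm}"), NXDOMAIN)
        if srv == NXDOMAIN:
            continue
        for target in srv["answer"]:
            # Use an address from the additional section when the server
            # supplied one for this target; otherwise ask for the A record.
            addr = srv["additional"].get(target)
            if addr is None:
                addr = table.get(("A", target), NXDOMAIN)
            if addr == NXDOMAIN:
                unresolved.append(target)
            else:
                resolved[target] = addr
    return resolved, unresolved


def diagnose(realm, table=RESPONSES):
    """Classify the outcome so a log line can say which stage failed."""
    resolved, unresolved = locate_kdc(realm, table)
    if resolved:
        return "ok"
    return "srv-targets-unresolvable" if unresolved else "no-srv-records"


if __name__ == "__main__":
    print(diagnose("EXAMPLE.COM"), locate_kdc("EXAMPLE.COM", RESPONSES)[1])
```

In the replayed dialog the additional section carries an address only for dns2.EXAMPLE.COM, not for any SRV target, so every KDC name depends on a follow-up A query.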


