Correct DNS Behavior
Daniel Kahn Gillmor
dkg-mit.edu at fifthhorseman.net
Thu May 31 19:59:25 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu 2007-05-31 17:10:56 -0400, Michael B Allen wrote:
> I don't understand how a DNS server can answer an SRV record and not
> be able to resolve the names it returns. We're either using a bad
> DNS server or it must expect the client to recur on authority
> records 3 levels deep.
An SRV record only maps a DNS resource name (like
_kerberos._udp.example.com) to a (hostname, port, weight) tuple.
There's no expectation that the nameserver which authoritatively
provides the SRV record must also authoritatively provide the A record
for the hostname contained in the SRV record.
--dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFGX2FZiXTlFKVLY2URAv5RAKCe23Y76x1xh7Q/FLq8eOMa4Pf/ZACffDEi
yvzZ5nXiKT8eae7LRAKOxvE=
=6kr7
-----END PGP SIGNATURE-----
More information about the Kerberos
mailing list