No _kerberos.domain entry in Windows DNS?

Jeffrey Altman jaltman at secure-endpoints.com
Tue Mar 11 11:26:34 EDT 2008


Speedo wrote:
> According to http://tools.ietf.org/html/draft-ietf-krb-wg-krb-dns-locate-03,
> there should be _kerberos.domain and _kerberos._udp.domain DNS
> entries. I found both in a UNIX systsem, but only the 2nd one in
> Windows DNS.
1. An IETF Internet Draft that expired in 2003. 
2. It was never standardized.
3. Nowhere in the document does it state that anyone SHOULD deploy 
them.  In fact it provides several reasons in the Security 
Considerations section describing why TXT records should not be deployed 
even though their use does address a configuration distribution problem.






-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080311/ff90fcd5/attachment.bin


More information about the Kerberos mailing list