Xu, Qiang (FXSGSC)
Qiang.Xu at fujixerox.com
Wed Mar 25 22:07:32 EDT 2009
> -----Original Message-----
> From: kerberos-bounces at mit.edu
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Markus Moeller
> Sent: Thursday, March 26, 2009 5:43 AM
> To: kerberos at mit.edu
> Subject: Re: SASL authentication
> "Xu, Qiang (FXSGSC)" <Qiang.Xu at fujixerox.com> wrote
> > Or it may be the problem of some DNS server. Because if I put
> > the nameserver 188.8.131.52 in front of 184.108.40.206, it still
> > doesn't work. By right, if a hostname can't be located by the first
> > nameserver, it should continue to look for the hostname in the
> > second nameserver, right?
> No it wouldn't. If the first server says unknown domain it is
> a valid reponse and the next server wouldn't be queried. Only
> if the first server does not reply the second will be used (afaik)
Now my resolve.conf is as follows:
search sgp.fujixerox.com sesswin2003.com
The machine "durian" can only be resolved by "220.127.116.11".
This is the result of nslookup:
qxu at durian(pts/1):~$ nslookup durian
Why doesn't it go to the first nameserver (18.104.22.168) to try to resolve "durian"? 22.214.171.124 is the second server.
And I can verify the first server is alive and working:
qxu at durian(pts/1):~$ nslookup sesswin2003
So if the first server is alive, when the request to resolve "durian" arrives, the first nameserver (126.96.36.199) should be queried. Is it? But in fact, the first server was skipped, and the query was done with the second server. How to explain this behavior?
More information about the Kerberos