SASL authentication

Xu, Qiang (FXSGSC) Qiang.Xu at fujixerox.com
Wed Mar 25 22:07:32 EDT 2009 

> -----Original Message-----
> From: kerberos-bounces at mit.edu 
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Markus Moeller
> Sent: Thursday, March 26, 2009 5:43 AM
> To: kerberos at mit.edu
> Subject: Re: SASL authentication
> 
> 
> "Xu, Qiang (FXSGSC)" <Qiang.Xu at fujixerox.com> wrote 
> > Or it may be the problem of some DNS server. Because if I put 
> > the nameserver 13.198.96.10 in front of 13.198.98.35, it still 
> > doesn't work. By right, if a hostname can't be located by the first 
> > nameserver, it should continue to look for the hostname in the 
> > second nameserver, right?
> 
> No it wouldn't. If the first server says unknown domain it is 
> a valid reponse and the next server wouldn't be queried. Only 
> if the first server does not reply the second will be used (afaik)

Now my resolve.conf is as follows:
================================
search sgp.fujixerox.com sesswin2003.com
nameserver 13.198.98.35
nameserver 13.198.96.10
================================
The machine "durian" can only be resolved by "13.198.98.10". 

This is the result of nslookup: 
================================
qxu at durian(pts/1):~[5]$ nslookup durian
Server:         13.198.96.10
Address:        13.198.96.10#53

Non-authoritative answer:
Name:   durian.sgp.fujixerox.com
Address: 13.198.98.190
================================
Why doesn't it go to the first nameserver (13.198.98.35) to try to resolve "durian"? 13.198.98.10 is the second server. 

And I can verify the first server is alive and working: 
================================
qxu at durian(pts/1):~[6]$ nslookup sesswin2003
Server:         13.198.98.35
Address:        13.198.98.35#53

Name:   sesswin2003.sesswin2003.com
Address: 13.198.98.35
================================
So if the first server is alive, when the request to resolve "durian" arrives, the first nameserver (13.198.98.35) should be queried. Is it? But in fact, the first server was skipped, and the query was done with the second server. How to explain this behavior?

Thanks,
Xu Qiang

More information about the Kerberos mailing list