Selective kdc discovery
Greg Hudson
ghudson at mit.edu
Thu Nov 5 02:39:54 EST 2020
On 11/5/20 12:53 AM, Paul B. Henson wrote:
> We're currently using DNS SRV records and all of our kdc's seems to have
> fairly equal load. Are DNS SRV records handled differently in terms of
> distributing load, or is that just a side effect of the resolver handing
> them back in a different order for each lookup?
SRV records contain a priority and a weight. The MIT krb5
implementation orders the records by priority and ignores the weight.
If all records have the same priority, we don't randomize the order, but
the DNS resolver will typically will.
(Heimdal actually uses the weight fields, so that part varies by
implementation.)
> There's no mechanism for load balancing when using file based
> kdc configuration?
Correct.
More information about the Kerberos
mailing list