[krbdev.mit.edu #1453] decouple DNS queries from KDC communication

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Mon May 5 17:24:21 EDT 2003


There's no reason the first packet sent to the KDC has to be delayed
until every address for every listed KDC host has been acquired.

Look at Greg Hudson's "libares" async resolver code.  See if BIND 9 has
support for this sort of thing too.

A possible approach:
Get the SRV records or krb5.conf data, pick an order for the hosts,
start resolving all the names, and when the addresses for the first host
come in, fire off a packet; on timeout for the first host, *and* after
the addresses for the second host are available, try the second host. 
When a suitable response comes in, close sockets and abandon any
resolver queries in progress.  (Q: Cache the data for a while?)

More complicated:
We use the same send_to_* code now for krb5 KDC, krb4 KDC and krb524d,
at least, all with the same issue.  The name lookups and fallbacks are
handled differently in each case.  Perhaps an ordered list of hostnames
and port numbers needs to be supplied.
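The scheduling proposed above, as an added illustration that is not MIT krb5 code and not part of the original ticket: every candidate host is resolved concurrently, the first packet goes out as soon as the first host's addresses arrive, the next host is tried only after the current one's deadline has passed and its own addresses are in, and every pending lookup and in-flight exchange is cancelled once a suitable reply arrives. The resolver and the KDC exchange are simulated coroutines with constructed delays (the `resolve`/`exchange` callbacks, the `kdc1`/`kdc2` names and the 192.0.2.x addresses are all assumptions made for the simulation), so the scheduler can be exercised offline.

```python
"""Asynchronous KDC-contact scheduler (added example, not MIT krb5 code).

hosts is the ordered candidate list (what the SRV records or krb5.conf would
give). resolve(host) is an async name lookup returning a list of addresses;
exchange(host, addr) is an async request/response returning a reply or None.
Both are simulated here with constructed delays."""
import asyncio
import time


class ResolveError(Exception):
    """Simulated lookup failure (the NXDOMAIN / SERVFAIL case)."""


def _suitable_reply(in_flight):
    """Return (host, reply) for the first finished exchange that produced a reply."""
    for host, task in in_flight:
        if task.done() and not task.cancelled() and task.exception() is None:
            reply = task.result()
            if reply is not None:
                return host, reply
    return None


async def contact_kdc(hosts, resolve, exchange, per_host_timeout):
    """Return ((host, reply), events) on success or (None, events) if every host failed."""
    resolvers = [asyncio.ensure_future(resolve(h)) for h in hosts]  # all lookups start now
    in_flight = []  # (host, exchange task) for every packet already sent
    events = []
    try:
        for i, host in enumerate(hosts):
            # Gate 1: this host's addresses. While waiting, an exchange already
            # in flight to an earlier host may complete and win.
            while not resolvers[i].done():
                pending = [t for _, t in in_flight if not t.done()]
                await asyncio.wait([resolvers[i], *pending],
                                   return_when=asyncio.FIRST_COMPLETED)
                winner = _suitable_reply(in_flight)
                if winner:
                    return winner, events
            if resolvers[i].exception() is not None or not resolvers[i].result():
                events.append(f"{host}: resolution failed")
                continue
            addr = resolvers[i].result()[0]
            task = asyncio.ensure_future(exchange(host, addr))
            in_flight.append((host, task))
            events.append(f"sent to {host}")
            # Gate 2: give this host per_host_timeout before moving on. Any
            # in-flight exchange finishing early (reply or error) ends the wait.
            pending = [t for _, t in in_flight if not t.done()]
            await asyncio.wait(pending, timeout=per_host_timeout,
                               return_when=asyncio.FIRST_COMPLETED)
            winner = _suitable_reply(in_flight)
            if winner:
                return winner, events
            events.append(f"timeout or failure for {host}")
        return None, events
    finally:
        # Abandon resolver queries and close "sockets" still outstanding.
        for t in [*resolvers, *(t for _, t in in_flight)]:
            t.cancel()


def run_scenario(hosts, resolve_delay, reply_delay, per_host_timeout):
    """Drive contact_kdc against simulated peers (constructed timings).

    resolve_delay[host]: seconds until addresses arrive (None = lookup fails).
    reply_delay[host]:   seconds from send to reply (None = packets dropped).
    Returns (result, events, elapsed_seconds)."""
    async def resolve(host):
        delay = resolve_delay.get(host)
        if delay is None:
            await asyncio.sleep(0.01)
            raise ResolveError(host)
        await asyncio.sleep(delay)
        return [f"192.0.2.{hosts.index(host) + 1}"]  # constructed TEST-NET-1 address

    async def exchange(host, addr):
        delay = reply_delay.get(host)
        if delay is None:
            await asyncio.sleep(3600)  # never answers; cancelled by the scheduler
            return None
        await asyncio.sleep(delay)
        return f"reply from {host} ({addr})"

    async def main():
        start = time.monotonic()
        result, events = await contact_kdc(hosts, resolve, exchange, per_host_timeout)
        return result, events, time.monotonic() - start

    return asyncio.run(main())


if __name__ == "__main__":
    # kdc2's lookup is slow (1 s); the packet to kdc1 must not wait for it.
    print(run_scenario(["kdc1", "kdc2"], {"kdc1": 0.1, "kdc2": 1.0},
                       {"kdc1": 0.05, "kdc2": 0.05}, 0.5))
```

Two design choices worth noting. First, the per-host wait ends early if an in-flight exchange fails (the analogue of an ICMP unreachable), not only on timeout, so a dead first host is skipped without burning its full deadline. Second, replies from earlier hosts are still accepted while later hosts are being tried, which is why the cancellation in `finally` has to cover every outstanding task, not just the most recent one.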


More information about the krb5-bugs mailing list