[krbdev.mit.edu #8687] Repeated lookups of local computer name on Windows
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Sun May 27 00:00:46 EDT 2018
Every time we want to look up a SRV or URI record, we call
krb5int_dns_init(), which calls res_init() (absent res_ninit()
support or being on a Mac). On Windows this is implemented via the
wshelper library. The wshelper res_init() initializes a global
structure _res, but does not check if _res is already initialized (as
it could via _res.options & RES_INIT).

As part of its work, it tries to determine a local domain name and
search path. Unless the LOCALDOMAIN environment variable is set, it
does this by calling GetComputerName() and looking up the result in
DNS with DnsQuery_A() with the DNS_QUERY_BYPASS_CACHE and
DNS_QUERY_NO_LOCAL_NAME flags. On a VM I set up using Windows 10,
this lookup takes approximately one second to fail (I'm not sure
why), causing kinit to take several seconds in a typical exchange.

We do not currently make use of the local domain or search path in
the resolver configuration, since we always look up absolute domain
names (dnssrv.c:prepare_lookup_buf()). We have some interest in a
local domain name to expand short names when
dns_canonicalize_hostname is set to false, but it would need to be
determined from on-machine configuration, not DNS.
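
The following is an added example, not part of the original message and not wshelper or krb5 code. It models the behaviour described above: an init routine that repeats a slow local-domain lookup on every call, next to a variant that returns early when the init flag is set. All names (demo_res, DEMO_RES_INIT, slow_local_domain_lookup, count_slow_lookups) and the "example.test" value are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_RES_INIT 0x1u            /* stands in for RES_INIT */

static struct { unsigned options; char defdname[256]; } demo_res; /* stands in for _res */
static int slow_lookups;              /* simulated DNS round trips */

/* Stand-in for the GetComputerName() + DnsQuery_A() step. */
static void slow_local_domain_lookup(char *out, size_t len)
{
    slow_lookups++;
    snprintf(out, len, "%s", "example.test");   /* constructed value */
}

/* Every call redoes the work, as the report describes. localdomain is the
 * value of the LOCALDOMAIN environment variable, or NULL if unset. */
static int demo_res_init_unguarded(const char *localdomain)
{
    memset(&demo_res, 0, sizeof(demo_res));
    if (localdomain != NULL && *localdomain != '\0')
        snprintf(demo_res.defdname, sizeof(demo_res.defdname), "%s", localdomain);
    else
        slow_local_domain_lookup(demo_res.defdname, sizeof(demo_res.defdname));
    demo_res.options |= DEMO_RES_INIT;
    return 0;
}

/* Guarded variant: skip the work once the init flag is set. */
static int demo_res_init_guarded(const char *localdomain)
{
    if (demo_res.options & DEMO_RES_INIT)
        return 0;
    return demo_res_init_unguarded(localdomain);
}

/* Reset state, call the chosen init `calls` times, return slow lookups made. */
int count_slow_lookups(int guarded, int calls, const char *localdomain)
{
    memset(&demo_res, 0, sizeof(demo_res));
    slow_lookups = 0;
    for (int i = 0; i < calls; i++)
        (guarded ? demo_res_init_guarded : demo_res_init_unguarded)(localdomain);
    return slow_lookups;
}

int main(void)
{
    const char *ld = getenv("LOCALDOMAIN");
    printf("unguarded: %d, guarded: %d\n",
           count_slow_lookups(0, 4, ld), count_slow_lookups(1, 4, ld));
    return 0;
}
```

With LOCALDOMAIN unset, four unguarded calls cost four simulated lookups and four guarded calls cost one; with it set, neither variant performs a lookup.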