host name resolution, again (krb5-1.3-alpha1 is available)

Nathan Neulinger nneul at
Fri Mar 14 21:16:24 EST 2003

Ick. It'd be less trouble to just install lbnamed or similar and have it
randomly return a cname.

Multiple cnames in a response violate the DNS RFCs, but as far as I
know, returning a _single_ cname with a random target should be fine.

-- Nathan

On Fri, 2003-03-14 at 20:10, Russ Allbery wrote:
> Nathan Neulinger <nneul at> writes:
> > A similar issue exists with other gssapi code. Makes it pretty difficult
> > to do any kerberos functionality with dns-rotated hostnames.
> > I've been able to hack around it for telnet (all keys installed on all
> > the machines sharing the same name), but haven't figured out a way to
> > make it work with ssh yet, and haven't even bothered with ftp.
>
> We wrap telnet with a script that does a forward and reverse DNS lookup to
> get the "real" name of the current load-balance winner and then passes
> that to the actual telnet binary.  Our PC and Mac code does the
> equivalent.

Nathan Neulinger                       EMail:  nneul at
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
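
An added sketch of the wrapper approach described in the quoted reply (forward lookup, reverse lookup, hand the "real" name to the client); it is not either poster's script. Assumptions: the function name `real_name`, a client installed as `telnet` on PATH, and a forward-confirmation step that the quoted description does not mention.

```python
import os
import socket
import sys


def _forward(name):
    """Addresses for name, in the order the resolver returned them."""
    infos = socket.getaddrinfo(name, None, type=socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))


def _reverse(addr):
    """PTR name for addr."""
    return socket.gethostbyaddr(addr)[0]


def real_name(rotated, forward=_forward, reverse=_reverse):
    """Return the host name of the member currently answering for rotated.

    The forward/reverse parameters exist so the lookups can be replaced in
    tests; by default they use the system resolver.
    """
    addrs = forward(rotated)
    if not addrs:
        raise LookupError(f"{rotated}: no addresses")
    addr = addrs[0]                      # current load-balance winner
    name = reverse(addr).rstrip(".").lower()
    # Added check: the PTR name must resolve back to the same address,
    # otherwise whoever controls the reverse zone picks the principal.
    if addr not in forward(name):
        raise LookupError(f"{addr}: PTR {name} does not resolve back")
    return name


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit(f"usage: {sys.argv[0]} host [telnet args...]")
    try:
        target = real_name(sys.argv[1])
    except (OSError, LookupError) as exc:
        sys.exit(f"cannot canonicalize {sys.argv[1]}: {exc}")
    # Assumes the real client is installed as "telnet" on PATH.
    os.execvp("telnet", ["telnet", target] + sys.argv[2:])
```

The name passed to the client is the one the Kerberos library will use to build the host principal, so each machine behind the rotated name only needs its own key.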
