How often does MIT krb5 request for KDC info through DNS?

Brandon Allbery ballbery at
Tue Aug 5 10:44:54 EDT 2014

On Tue, 2014-08-05 at 10:19 -0400, Greg Hudson wrote:
> That said, if the popular platforms aren't interested in providing
> this
> service, at some point applications have to step in and solve the
> problem even if it's not optimal.  We might add some amount of DNS
> caching in libkrb5 at some point (with a very low internal TTL),
> though
> it isn't super high on the priority list.

Browsers do this these days. And balancing faster performance due to
local caching against correct operation took them a while. It's
something of a mess; it really does not belong in the application, as
you noted.

brandon s allbery kf8nh                           sine nomine associates
allbery.b at                              ballbery at
unix openafs kerberos infrastructure xmonad

More information about the krbdev mailing list