Proposal for using NAPTR/URI records
nico at cryptonector.com
Tue Feb 24 13:47:31 EST 2015
There is work under way to add confidentiality protection to DNS
queries and responses, FYI.
Basically, to make this work you'll have to say that DNSSEC support
and use on the client side is required (zones can opt-out, as always).
And you may have to say something about MITMs and sname leakage.
You're right that the srealm is probably a lost cause in all cases.
More information about the krbdev