Kerberos transport DNS record design
Matt Rogers
mrogers at redhat.com
Fri Jul 8 13:18:07 EDT 2016
On Thu, 2016-06-09 at 17:06 +0200, Petr Spacek wrote:
> On 7.6.2016 17:56, Matt Rogers wrote:
> > On 06/01, Petr Spacek wrote:
> >>
> >> For the record, opinions of DNS gurus from dnsop list can be found in dnsop
> >> archives:
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17526.html
> >>
> >> Message
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17527.html
> >> indicates that it might be possible to standardize this if you try it.
> >>
> >> Message
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17534.html
> >> argues that URI is good enough and that TXT is a bad practice.
> >>
> >>
> >> Pick an answer which suits you the best :-)
> >>
> >
> > Since there is encouragement for URI here it seems like moving forward
> > with the URI is the right thing to do. If the hosting
> > provider/middle-box issue is something that we do not need to worry
> > about, is there still a downside to settling on the URI right now and
> > standardizing it in parallel? From the code standpoint there will not
> > be much difference vs. the TXT RR.
>
> It would be good to get some actual data about URI feasibility.
>
> Are you able to get your DNS provider to add an URI record? Do you have an
> account on Amazon/Azure/others and ability to open a ticket?
>
> That would help to get hard data and after that we would have something to
> base decisions on.
>
With everything considered we've agreed to go forward with the URI
record. I've posted updates to the Wiki
(http://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery) and the
implementation is underway at https://github.com/krb5/krb5/pull/481
Matt