Kerberos transport DNS record design
mrogers at redhat.com
Fri Jul 8 13:18:07 EDT 2016
On Thu, 2016-06-09 at 17:06 +0200, Petr Spacek wrote:
> On 7.6.2016 17:56, Matt Rogers wrote:
> > On 06/01, Petr Spacek wrote:
> >> For the record, opinions of DNS gurus from dnsop list can be found in dnsop
> >> archives:
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17526.html
> >> Message
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17527.html
> >> indicates that it might be possible to standardize this if you try
> >> Message
> >> http://www.ietf.org/mail-archive/web/dnsop/current/msg17534.html
> >> argues that URI is good enough and that TXT is a bad practice.
> >> Pick an answer which suits you the best :-)
> > Since there is encouragement for URI here it seems like moving
> > with the URI is the right thing to do. If the hosting
> > provider/middle-box issue is something that we do not need to worry
> > about, is there still a downside to settling on the URI right now
> > standardizing it in parallel? From the code standpoint there will
> > be much difference vs. the TXT RR.
> It would be good to get some actual data about URI feasibility.
> Are you able to get your DNS provider to add an URI record? Do you have an
> account on Amazon/Azure/others and ability to open a ticket?
> That would help to get hard data and after that we would have something to
> base decisions on.
With everything considered we've agreed to go forward with the URI
record. I've posted updates to the Wiki
(http://k5wiki.kerberos.org/wiki/Projects/KDC_Discovery) and the
implementation is underway at https:/