Kerberos transport DNS record design

Greg Hudson ghudson at
Wed Jun 1 11:11:27 EDT 2016

On 06/01/2016 10:31 AM, Petr Spacek wrote:
> FreeIPA needs to have access to the fields 'priority' and 'server
> name' in the RR so the server name can be mapped to a location name & the
> priority associated with it.
> In the case of SRV it is easy because the RR format is standardized and DNS
> libraries can work with it directly.

SRV is not really an interesting comparison unless your viewpoint is
that MS-KKDCP transport discovery just shouldn't be implemented.

If we used URI you would have easy access to the weight (assuming your
DNS library implements the URI RR type), but not to the server name,
since we would be using a Kerberos-specific URI scheme.

> A custom format inside a TXT record will take away this simplicity, and every
> single system which wants to do something similar will have to implement a
> parser for the custom format.
> For me as an implementer this is a major downside of the TXT approach.

Sure.  Structure is good for consumers who want to know about it,
especially if they can delegate the understanding of that structure to a
library.  Structure is bad for producers who want to know as little as
possible, or for getting through middle-boxes which habitually reject
structure tags they don't understand.  It's a trade-off.
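The trade-off above, made concrete as an added example (not code from this thread, FreeIPA or MIT krb5): the same KDC published three ways, parsed from constructed RDATA bytes with no network. A generic SRV parser already yields priority, weight, port and server name. A generic URI (RFC 7553) parser yields priority and weight but only an opaque target, so the consumer must add a scheme-specific step to recover the host; the "krb5srv:<flags>:<transport>:<residual>" shape used for that step is an assumption for illustration, as the thread defines no scheme. A TXT record yields only strings, and the space-separated "priority weight transport target" layout is likewise a hypothetical convention.

```python
# Added example for the krbdev discussion; not from the thread or from MIT krb5.
# All RDATA below is constructed. The krb5srv: URI scheme and the TXT layout
# are hypothetical assumptions made to illustrate the parsing burden.
import struct
from urllib.parse import urlsplit


def encode_name(name):
    """Uncompressed DNS wire-format name (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data, off):
    """Decode an uncompressed wire-format name at offset off; no trailing dot."""
    labels = []
    while True:
        n = data[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in RDATA not supported here")
        labels.append(data[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), off


def parse_srv(rdata):
    """SRV RDATA is fixed: priority, weight, port, target name.
    The server name is a first-class field; no custom parsing is needed."""
    priority, weight, port = struct.unpack("!HHH", rdata[:6])
    target, _ = decode_name(rdata, 6)
    return {"priority": priority, "weight": weight, "port": port,
            "server_name": target}


def parse_uri(rdata):
    """URI RDATA (RFC 7553): priority, weight, then an opaque target string.
    A generic DNS library stops here; it cannot know what the target means."""
    priority, weight = struct.unpack("!HH", rdata[:4])
    return {"priority": priority, "weight": weight,
            "target": rdata[4:].decode("utf-8")}


def server_name_from_krb5srv(target):
    """Scheme-specific step the consumer must implement itself (assumed form:
    krb5srv:<flags>:<transport>:<residual>; residual is host[:port] for
    udp/tcp and an https URL for the kkdcp transport, i.e. an MS-KKDCP proxy)."""
    scheme, _flags, transport, residual = target.split(":", 3)
    if scheme != "krb5srv":
        raise ValueError("not a krb5srv URI: %r" % target)
    if transport == "kkdcp":
        url = urlsplit(residual)
        if url.scheme != "https" or not url.hostname:
            raise ValueError("kkdcp residual must be an https URL")
        return url.hostname, url.port or 443, transport
    host, sep, port = residual.rpartition(":")
    if not sep:                      # no explicit port: default Kerberos port
        host, port = residual, "88"
    return host, int(port), transport


def parse_txt(rdata):
    """TXT RDATA is a run of <len><chars> strings; structure inside them is a
    private convention. Assumed layout: 'priority weight transport target'."""
    strings, off = [], 0
    while off < len(rdata):
        n = rdata[off]
        strings.append(rdata[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    fields = "".join(strings).split(" ")
    if len(fields) != 4:
        raise ValueError("unexpected TXT layout: %r" % fields)
    priority, weight, transport, target = fields
    return {"priority": int(priority), "weight": int(weight),
            "transport": transport, "server_name": target}


# Constructed sample RDATA: one KDC proxy published as SRV, URI and TXT.
SRV_RDATA = struct.pack("!HHH", 10, 50, 88) + encode_name("kdc1.example.com")
URI_RDATA = struct.pack("!HH", 10, 50) + b"krb5srv::kkdcp:https://kdc1.example.com/KdcProxy"
TXT_TEXT = b"10 50 kkdcp kdc1.example.com"
TXT_RDATA = bytes([len(TXT_TEXT)]) + TXT_TEXT


def compare():
    """Server name each record type yields, and whether the generic
    record-type parser alone was enough to obtain it."""
    srv = parse_srv(SRV_RDATA)
    uri = parse_uri(URI_RDATA)
    host, _port, _transport = server_name_from_krb5srv(uri["target"])
    txt = parse_txt(TXT_RDATA)
    return {"SRV": (srv["server_name"], True),
            "URI": (host, False),             # needed scheme-specific parsing
            "TXT": (txt["server_name"], False)}  # needed a fully custom parser


if __name__ == "__main__":
    for rtype, (name, generic_ok) in compare().items():
        print(rtype, name, "generic parser sufficient" if generic_ok else "custom parse needed")
```

Only the SRV path gets the server name from the record type's own structure; URI needs the scheme parser and TXT needs the whole format parser, which is exactly the extra work every consumer would have to write.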
