Behaviour around _kerberos-master._tcp
Tushar.Prasad at ibm.com
Thu Mar 9 21:14:06 EST 2023
Our product makes use of Kerberos client in a proxy.
The product needs to send Kerberos token to the Application.
When that needs to be done, _kerberos-master._tcp DNS query seems to be sent at everything a token request is made
Is it as per design? Or there is a caching of master kdc possible(planned) so that _kerberos-master._tcp can be resolved and DNS and can be cached (for some interval) so that a repetitive query is not sent?
At this point, we are aware of master_kdc entry but looking for options other than making configuration changes in krb5.conf?
More information about the krbdev