Behaviour around _kerberos-master._tcp

Tushar Prasad Tushar.Prasad at
Thu Mar 9 21:14:06 EST 2023


Our product makes use of Kerberos client in a proxy.

The product needs to send Kerberos token to the Application.

When that needs to be done, _kerberos-master._tcp  DNS query seems to be sent  at everything a token request is made

Is it as per design? Or there is a caching of master kdc possible(planned) so that _kerberos-master._tcp  can be resolved and DNS and can be cached (for some interval) so that a repetitive query is not sent?

At this point, we are aware of master_kdc entry but looking for options other than making configuration changes in krb5.conf?


More information about the krbdev mailing list