Behaviour around _kerberos-master._tcp
Greg Hudson
ghudson at mit.edu
Fri Mar 10 11:05:56 EST 2023
On 3/9/23 21:14, Tushar Prasad via krbdev wrote:
> When that needs to be done, _kerberos-master._tcp DNS query seems to be sent at everything a token request is made
>
> Is it as per design?
This is a known efficiency bug:
https://krbdev.mit.edu/rt/Ticket/Display.html?id=7721
https://krbdev.mit.edu/rt/Ticket/Display.html?id=6782
I will see what I can do about resolving the primary KDC only when
needed, but can't make any guarantees for the short term. For the
moment the only workarounds are the configuration ones you've probably
already considered (changing krb5.conf or using a local DNS resolver
with negative caching).
More information about the krbdev
mailing list