Andrew Bartlett wrote:
> > I'm trying to use a DNS TXT record to look up domain to realm
> > mappings:
> > $ dig +short txt _kerberos.mydomain.example
> > "FOO.EXAMPLE"
> > $ dig +short srv _kerberos._udp.mydomain.example
> > 20 0 88 big.mydomain.example.
> > 10 0 88 small.mydomain.example.
> > However, a Kerberos client, after correctly discovering its realm as
> > "FOO.EXAMPLE", is trying to look up _kerberos._udp.FOO.EXAMPLE etc.
> > Is it expected behaviour? I supposed it should be looking up
> > _kerberos._udp.mydomain.example.
> Are you looking for dns_lookup_realm, not dns_lookup_kdc?
I'm looking for the algorithm of KDC discovery in a situation where
the DNS domain and Kerberos realm are different.
Should it look up _kerberos._udp.dnsdomain or _kerberos._udp.realm?
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
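An added example, not part of the original message or of any Kerberos implementation: a small offline model of the two lookups discussed in this thread, following the client behaviour reported above, which is also the naming RFC 4120 gives for KDC SRV records (the owner name is built from the realm). The zone dictionaries stand in for DNS; `ZONE_BY_REALM`, the helper names and the host `host.mydomain.example` are assumptions made for illustration.

```python
# Constructed zone data: TXT and SRV values copied from the dig output in the message.
SRV_SET = [(20, 0, 88, "big.mydomain.example."),
           (10, 0, 88, "small.mydomain.example.")]
ZONE_AS_POSTED = {
    ("_kerberos.mydomain.example", "TXT"): ["FOO.EXAMPLE"],
    ("_kerberos._udp.mydomain.example", "SRV"): SRV_SET,
}
# Assumption: the same SRV set published under the realm name instead.
ZONE_BY_REALM = {
    ("_kerberos.mydomain.example", "TXT"): ["FOO.EXAMPLE"],
    ("_kerberos._udp.foo.example", "SRV"): SRV_SET,
}

def query(zone, name, rtype):
    """Stand-in for a resolver; DNS names compare case-insensitively."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def realm_for_host(zone, hostname):
    """Step 1: TXT lookup at _kerberos.<name>, walking up the parent domains."""
    labels = hostname.rstrip(".").split(".")
    for i in range(len(labels)):
        txt = query(zone, "_kerberos." + ".".join(labels[i:]), "TXT")
        if txt:
            return txt[0]
    return None

def srv_name(realm, proto="udp"):
    """Step 2: the SRV owner name is derived from the realm, not the host's domain."""
    return f"_kerberos._{proto}.{realm}"

def locate_kdcs(zone, hostname):
    """Return (realm, KDC targets); an empty list means no SRV set under the realm."""
    realm = realm_for_host(zone, hostname)
    if realm is None:
        return None, []
    # Lowest priority value first; weighting within one priority is not modelled.
    records = sorted(query(zone, srv_name(realm), "SRV"))
    return realm, [target for _prio, _weight, _port, target in records]

if __name__ == "__main__":
    for label, zone in (("as posted", ZONE_AS_POSTED), ("by realm", ZONE_BY_REALM)):
        print(label, locate_kdcs(zone, "host.mydomain.example"))
```

With the records as posted, the realm resolves but the SRV query under `FOO.EXAMPLE` finds nothing, which matches what the client in the message was observed doing.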