On Thu, 15 Sep 2016, Victor Sudakov wrote:

> Harald Barth wrote:
>
> >
> > $ dig +short _kerberos.pdc.kth.se txt
> > "NADA.KTH.SE"
> >
> > yes :)
> >
> > Then to find the KDC:
> >
> > $ dig +short _kerberos._udp.NADA.KTH.SE srv
>
> So, it looks up _kerberos._udp.${REALM}, not _kerberos._udp.${DNS_SUFFIX}.
>
> Too bad. I expected that the _kerberos._udp.${DNS_SUFFIX} would do the job.

Nope, the realm is explicitly treated as a DNS (suffix) name for the
lookup of KDC addresses.

See https://tools.ietf.org/html/rfc4120#section-7.2.3.2

-Ben

Reply via email to