> On Jul 25, 2017, at 6:30 PM, Roland C. Dowdeswell
> <roland.dowdesw...@twosigma.com> wrote:
> And there are no KDCs configured in /etc/krb5.conf for the realm that
> you are querying, you will use DNS SRV RRs. And, we think that once you
> have retrieved hostnames from DNS SRV RRs that they should be looked up
> only in DNS and not subjected to search lists and the like.

I’ll grant that this is a level of detail which standards don’t address, and
where consensus may legitimately be impossible. FWIW my opinion is that an SA
responsible for deploying/testing a machine may know nothing about krb5 config
files, but need to point at a different infrastructure.

For the scenario you describe where RRs are necessary, the poor SA will be very
surprised if his entries in /etc/hosts are ignored. He will be especially
surprised if the OS has an nsswitch.conf and he has put hosts before DNS. (I
might even have run into a scenario like that on Solaris 9, but I never
completely debugged it so I’m not sure.)

I assume you at least have code in there to sort the RR entries by
priority/weight before using the optimistically-provided A/AAAA records.

Personal email. hbh...@oxy.edu