> On Jul 26, 2017, at 4:12 PM, Viktor Dukhovni <[email protected]>
> wrote:
>
>> The RR is guaranteed to return a name which has an A/AAAA record.
>
> It is not. SRV RRs can and sometimes do reference names that don't exist.
> Ditto with MX records, ... Even when the name exists a lookup can
> time out.

Per RFC 2782:

   Target
        The domain name of the target host. There MUST be one or more
        address records for this name, the name MUST NOT be an alias (in
        the sense of RFC 1034 or RFC 2181). Implementors are urged, but
        not required, to return the address record(s) in the Additional
        Data section. Unless and until permitted by future standards
        action, name compression is not to be used for this field.

My interpretation of this matches what I said. Nitpicking aside, obviously
Heimdal should be robust to incorrect DNS configuration where possible.
However, if it winds up having to do a search because DNS is incorrectly
configured, that strikes me as better than failing outright.

I guess I’m back to not understanding what the problem is. If the SRV RR is
right, then it’s moot. If the record is wrong, then we’re off the reservation
and it’s just a question of whether there is anything plausible we can do that
will address the most likely failures.

Personal email. [email protected]
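
Added example, not part of this message and not Heimdal code: a sketch of the check the thread is arguing about, classifying each SRV target against the RFC 2782 requirements quoted above and reporting how many are usable, so a caller can fall back instead of failing outright. The zone table, the host names under example.test and the function names are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed zone data for illustration; not from any real deployment. */
enum rtype { RR_A, RR_AAAA, RR_CNAME };
struct rr { const char *name; enum rtype type; };

static const struct rr zone[] = {
    { "kdc1.example.test", RR_A },
    { "kdc2.example.test", RR_CNAME },  /* alias: not allowed as SRV target */
    { "kdc4.example.test", RR_AAAA },
    /* kdc3.example.test is deliberately absent (dangling SRV target) */
};

enum target_status { TARGET_OK, TARGET_IS_ALIAS, TARGET_NO_ADDRESS };

/* Classify one SRV target: it must own at least one A/AAAA record and
 * must not be an alias (hypothetical helper, not a Heimdal function). */
enum target_status check_srv_target(const char *target)
{
    int has_addr = 0, is_alias = 0;
    for (size_t i = 0; i < sizeof(zone) / sizeof(zone[0]); i++) {
        if (strcmp(zone[i].name, target) != 0)
            continue;
        if (zone[i].type == RR_CNAME)
            is_alias = 1;
        else
            has_addr = 1;
    }
    if (is_alias)
        return TARGET_IS_ALIAS;
    return has_addr ? TARGET_OK : TARGET_NO_ADDRESS;
}

/* Count targets that pass the check. A result of 0 tells the caller that
 * the SRV data is unusable and another discovery method is needed. */
int usable_targets(const char *targets[], int n)
{
    int ok = 0;
    for (int i = 0; i < n; i++)
        if (check_srv_target(targets[i]) == TARGET_OK)
            ok++;
    return ok;
}

int main(void)
{
    const char *srv[] = { "kdc1.example.test", "kdc2.example.test",
                          "kdc3.example.test" };
    printf("usable: %d of 3\n", usable_targets(srv, 3));
    return 0;
}
```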