To my knowledge no RFC says that only one PTR RR may exist in any given PTR RRSet. In practice all implementations of getnameinfo(), gethostbyaddr(), and the like, use only the first PTR RR in the PTR RRSet for obvious semantic reasons: such code is looking for a canonical name for an IP address, and more than one name means there's no canonical name, thus either failure or "pick one" are the only options.
In any case, you should never want to use PTR RR lookups for principal name canonicalization. (Not unless you are using DNSSEC, which you're almost certainly not.) Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
