On 9/15/2016 12:11 AM, Victor Sudakov wrote:
> Dear Colleagues,
> 
> I'm trying to use a DNS TXT record to look up domain to realm mappings:
> 
> $ dig +short txt _kerberos.mydomain.example
> "FOO.EXAMPLE"

This indicates that the Kerberos realm for "mydomain.example" is
"FOO.EXAMPLE". The Kerberos library now needs to find the KDCs for
FOO.EXAMPLE and issues

> $ dig +short srv _kerberos._udp.mydomain.example
> 20 0 88 big.mydomain.example.
> 10 0 88 small.mydomain.example.

to obtain the list of KDC addresses that support the UDP protocol.
> 
> However, a Kerberos client, after correctly discovering its realm as
> "FOO.EXAMPLE", is trying to look up _kerberos._udp.FOO.EXAMPLE etc.
> 
> Is it expected behaviour? I supposed it should be looking up
> _kerberos._udp.mydomain.example. 

The behavior as observed is correct.

Jeffrey Altman
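
The two-step lookup discussed in this thread, as an added Python sketch that is not part of the original message and not code from any Kerberos library. It runs against an in-memory zone so the issued query names can be inspected. The host name `client.mydomain.example`, the SRV records under `foo.example`, and the parent-domain search order for the TXT lookup are assumptions.

```python
# Constructed DNS data, not real records: the TXT and SRV answers quoted in the
# thread, plus (assumed) the same KDCs published under the realm name.
THREAD_ZONE = {
    ("_kerberos.mydomain.example", "TXT"): ["FOO.EXAMPLE"],
    ("_kerberos._udp.mydomain.example", "SRV"): [
        (20, 0, 88, "big.mydomain.example."),
        (10, 0, 88, "small.mydomain.example."),
    ],
}
REALM_SRV = {("_kerberos._udp.foo.example", "SRV"):
             THREAD_ZONE[("_kerberos._udp.mydomain.example", "SRV")]}


def discover(host, zone, proto="udp"):
    """Return (realm, ordered KDC list, queries issued) for a client host."""
    queries = []

    def query(name, rtype):
        name = name.rstrip(".").lower()  # DNS names are case-insensitive
        queries.append((name, rtype))
        return zone.get((name, rtype), [])

    # Step 1: domain-to-realm mapping via _kerberos.<name> TXT, trying the
    # host name and then each parent domain (assumed search order).
    labels = host.rstrip(".").split(".")
    realm = None
    for i in range(len(labels) - 1):
        answers = query("_kerberos." + ".".join(labels[i:]), "TXT")
        if answers:
            realm = answers[0]
            break
    if realm is None:
        return None, [], queries

    # Step 2: KDC discovery. The SRV owner name is built from the REALM found
    # in step 1, not from the DNS domain the TXT record was found in.
    records = query(f"_kerberos._{proto}.{realm}", "SRV")
    # Lower priority value is tried first (RFC 2782); weight handling omitted.
    kdcs = [(t.rstrip("."), port)
            for prio, _w, port, t in sorted(records, key=lambda r: r[0])]
    return realm, kdcs, queries


if __name__ == "__main__":
    for zone in (THREAD_ZONE, {**THREAD_ZONE, **REALM_SRV}):
        print(discover("client.mydomain.example", zone))
```

With only the records quoted in the thread, the realm resolves but the KDC list is empty, because the SRV query goes to the realm-derived name.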

