Grant Taylor <gtay...@tnetconsulting.net> writes: > Do you happen to know off hand if DNS lookups for SRV records happen > before or after initial connection attempts to the standard ports?
> If SRV records are looked up /before/ attempting to connect to standard > ports, I could see adding SRV records as a simple optimization. Before, in the sense that you mean, although it's a little more complicated than that since krb5.conf configuration will override SRV records (as you might expect). So SRV records are only used when there's no client configuration, and in that case the client otherwise isn't going to know what to connect to, so there wouldn't be a connection attempt to a standard port. The idea of SRV record configuration is that all the client needs to know is the realm, at which point it looks up the SRV records for that realm and gets all the other server connection information it needs from that. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
