On Tue, May 26, 2020 at 3:56 PM Greg Hudson <ghud...@mit.edu> wrote: > On 5/26/20 5:09 PM, Ken Dreyer wrote: > > In public cloud environments or Kubernetes environments, PTR records > > are difficult or impossible for administrators to set. We increasingly > > have to tell users to set "rdns = fallback" or "rdns = false". > > Note that dns_canonicalize_hostname and rdns are separate settings. > dns_canonicalize_hostname supports "fallback", but rdns only supports > true or false (and only takes effect when DNS canonicalization happens).
My bad, you're right. I meant dns_canonicalize_hostname=fallback. I've found some public cloud providers with some very weird PTR records for IP addresses that they hand out. These records are worse than NXDOMAIN, and I was confused to see these in my logs. - Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
