Skip to content

Disable DNS lookups of master_kdc

Steve Traylen requested to merge straylen/cern-krb5-conf:nosrv into master

For all cases where a kdc is set we additionally set kdc_master and dns_lookup_kdc = fasle

Motivation here is to avoid these pointless DNS lookups queried     1597  times name _kerberos-master._tcp.CERN.CH queried     1594  times name _kerberos-master._udp.CERN.CH queried     1594  times name _kerberos.CERN.CH

The lookup of kerberos-master happens when the user types in wrong password. krb5-libs retries with the master node to just in case replication has not happened yet. Since we only have "one" this does not make sense but we should at least avoid these lookups.

These lookups are not cached for long (if at all ) since they are non hits.

Edited by Steve Traylen

Merge request reports