
Re: Setting DNS Servers Manually?

On Wed, 17 Oct 2007 21:44:17 -0700
"Henry B. Hotz" <hotz@jpl.nasa.gov> wrote:

> I'm not sure I understand.
> If you put everything in the krb5.conf then it doesn't need to do SRV
> record lookup.  You could setenv KRB5_CONFIG to an application-specific
> config file.  Maybe you can even put the Krb servers in as IP numbers
> instead of DNS names.  Was that the sort of thing you were looking for?

Hi Henry,

Actually I already do that mostly. I bypass the SRV lookups by doing
those myself. And I added a krb5_config_set function to set the kdc
(and kpasswd_server for password setting). But still libkrb5 needs to
do at least A record lookups and I wouldn't be surprised to find some
logic that still provokes SRV lookups or needs to do them for some reason.

Converting to IP before krb5_config_set-ing seems like it could
lead to trouble since Kerberos needs FQDNs to pick out realms, generate
names, etc.

Also, what I really want to do is channel all DNS queries through my
DNS lib so I provide consistent DNS server fallback behavior, caching,
server "stickiness", etc.

But for now I would be happy if I could just overload gethostbyname. So
basically I want to create a 'libmyresolv' that has a my_gethostbyname
function and then modify Heimdal to use it. Unfortunately the libmyresolv
would need to link with my libs that link with Heimdal which creates a
nasty circular dependency. Still haven't wrapped my head around that one.


> On Oct 17, 2007, at 2:38 PM, Michael B Allen wrote:
> > Hello,
> >
> > I want my apps to be configurable independently of host settings. Is
> > there a way to tell Heimdal to use a specific set of DNS servers?
> >
> > I have my own DNS routines so one option is to create and link with my
> > own libresolv but I'm hoping there's an easier solution.
> >
> > Any ideas?
> >
> > Off to look at the code,
> > Mike
> >
> > -- 
> > Michael B Allen
> > PHP Active Directory SPNEGO SSO
> > http://www.ioplex.com/
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Michael B Allen
PHP Active Directory SPNEGO SSO
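
A circular link dependency like the one described in the message above can be avoided with a resolver callback registered at run time, so the Kerberos library never links against the application's DNS library. This is an added example, not code from the thread or from Heimdal; every function and type name in it is hypothetical, and the host name and address are constructed sample values.

```c
/* Added illustration. resolver_fn, krb_set_resolver, krb_lookup_host and
 * my_gethostbyname are hypothetical names, not Heimdal APIs. */
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* ---- Kerberos-library side: knows only the callback type ---- */
typedef struct hostent *(*resolver_fn)(const char *name);
static resolver_fn active_resolver = gethostbyname; /* default: system resolver */

void krb_set_resolver(resolver_fn fn) { active_resolver = fn ? fn : gethostbyname; }

/* Called wherever the library used to call gethostbyname() directly.
 * Writes the first IPv4 address as text; returns 0 on success, -1 on failure. */
int krb_lookup_host(const char *fqdn, char *out, socklen_t outlen)
{
    struct hostent *he = active_resolver(fqdn);
    if (he == NULL || he->h_addrtype != AF_INET || he->h_addr_list[0] == NULL)
        return -1;
    return inet_ntop(AF_INET, he->h_addr_list[0], out, outlen) ? 0 : -1;
}

/* ---- Application side: stand-in for a private DNS library ---- */
static struct hostent *my_gethostbyname(const char *name)
{
    /* Constructed sample record; real code would query the app's own servers. */
    static char hname[] = "kdc1.example.test";
    static struct in_addr addr;
    static char *addrs[2] = { (char *)&addr, NULL }, *no_aliases[1] = { NULL };
    static struct hostent he = { .h_name = hname, .h_aliases = no_aliases,
        .h_addrtype = AF_INET, .h_length = sizeof addr, .h_addr_list = addrs };

    if (strcmp(name, hname) != 0 || inet_pton(AF_INET, "192.0.2.10", &addr) != 1)
        return NULL;
    return &he;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN];
    krb_set_resolver(my_gethostbyname);
    if (krb_lookup_host("kdc1.example.test", ip, sizeof ip) == 0)
        printf("kdc1.example.test -> %s\n", ip);
    return 0;
}
```

The library side depends only on the `resolver_fn` type, so the link order stays one-directional: application, then DNS library, then Kerberos library.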