Re: Setting DNS Servers Manually?
On Wed, 17 Oct 2007 21:44:17 -0700
"Henry B. Hotz" <hotz@jpl.nasa.gov> wrote:
> I'm not sure I understand.
>
> If you put everything in the krb5.conf then it doesn't need to do SRV
> record lookup. You could setenv KRB5_CONFIG to an application-
> specific config file. Maybe you can even put the Krb servers in as
> IP numbers instead of DNS names. Was that the sort of thing you were
> looking for?
Hi Henry,
Actually I already do that mostly. I bypass the SRV lookups by doing
those myself. And I added a krb5_config_set function to set the kdc
(and kpasswd_server for password setting). But still libkrb5 needs to
do at least A record lookups and I wouldn't be surprised to find some
logic that still provokes SRV lookups or needs to do them for some reason.
Converting to IP before krb5_config_set-ing seems like it could
lead to trouble since Kerberos needs FQDNs to pick out realms, generate
names, etc.
Also, what I really want to do is channel all DNS queries through my
DNS lib so I provide consistent DNS server fallback behavior, caching,
server "stickiness", etc.
But for now I would be happy if I could just overload gethostbyname. So
basically I want to create a 'libmyresolv' that has a my_gethostbyname
function and then modify Heimdal to use it. Unfortunately the libmyresolv
would need to link with my libs that link with Heimdal which creates a
nasty circular dependency. Still haven't wrapped my head around that one.
Mike
> On Oct 17, 2007, at 2:38 PM, Michael B Allen wrote:
>
> > Hello,
> >
> > I want my apps to be configurable independently of host
> > settings. Is
> > there a way to tell Heimdal to use a specific set of DNS servers?
> >
> > I have my own DNS routines so one option is to create and link with my
> > own libresolv but I'm hoping there's an easier solution.
> >
> > Any ideas?
> >
> > Off to look at the code,
> > Mike
> >
> > --
> > Michael B Allen
> > PHP Active Directory SPNEGO SSO
> > http://www.ioplex.com/
>
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
>
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
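
The approach discussed in this thread (an application-specific config file selected through KRB5_CONFIG, with the KDC and kpasswd_server listed explicitly) can be sketched as follows. This is an added example, not code from either poster or from Heimdal; the function names, realm, hosts and paths are constructed placeholders. It keeps host names rather than IP numbers, following the concern raised in the reply, so the library will still resolve those names through the host resolver.

```shell
# Added example: all names, hosts and paths are constructed placeholders.

# write_app_krb5_conf REALM DNS_DOMAIN KDC_HOST KPASSWD_HOST OUTFILE
# Writes a minimal per-application krb5.conf that names the servers
# explicitly, so they do not have to be located through SRV records.
write_app_krb5_conf() {
    [ "$#" -eq 5 ] || { echo "usage: write_app_krb5_conf REALM DOMAIN KDC KPASSWD OUT" >&2; return 2; }
    realm=$1 domain=$2 kdc=$3 kpasswd=$4 out=$5

    # Refuse bare IPv4 addresses: the reply above notes that Kerberos
    # needs FQDNs to pick out realms and generate names.
    for h in "$kdc" "$kpasswd"; do
        case $h in
            *[!0-9.]*) ;;   # contains something other than digits/dots: a name
            *) echo "refusing non-FQDN server entry: '$h'" >&2; return 1 ;;
        esac
    done

    cat > "$out" <<EOF
[libdefaults]
    default_realm = $realm

[realms]
    $realm = {
        kdc = $kdc
        kpasswd_server = $kpasswd
    }

[domain_realm]
    .$domain = $realm
    $domain = $realm
EOF
}

# use_app_krb5_conf FILE
# Points this process (and its children) at the application-specific
# file instead of the host-wide configuration.
use_app_krb5_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    KRB5_CONFIG=$1
    export KRB5_CONFIG
}
```
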