[30930] in Kerberos
RE: SASL authentication
daemon@ATHENA.MIT.EDU (Xu, Qiang (FXSGSC))
Wed Mar 25 22:08:59 2009
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com>
To: Markus Moeller <huaraz@moeller.plus.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Thu, 26 Mar 2009 10:07:32 +0800
Message-ID: <D8C9BC7FFCF8154FB7141EB8DB609C172905982601@SGPAPHQ-EXSCC01.dc01.fujixerox.net>
In-Reply-To: <gqe8ig$khb$1@ger.gmane.org>
Content-Language: en-US
MIME-Version: 1.0
X-MAIL-FROM: <qiang.xu@fujixerox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> -----Original Message-----
> From: kerberos-bounces@mit.edu
> [mailto:kerberos-bounces@mit.edu] On Behalf Of Markus Moeller
> Sent: Thursday, March 26, 2009 5:43 AM
> To: kerberos@mit.edu
> Subject: Re: SASL authentication
>
>
> "Xu, Qiang (FXSGSC)" <Qiang.Xu@fujixerox.com> wrote
> > Or it may be the problem of some DNS server. Because if I put
> > the nameserver 13.198.96.10 in front of 13.198.98.35, it still
> > doesn't work. By right, if a hostname can't be located by the first
> > nameserver, it should continue to look for the hostname in the
> > second nameserver, right?
>
> No it wouldn't. If the first server says unknown domain it is
> a valid reponse and the next server wouldn't be queried. Only
> if the first server does not reply the second will be used (afaik)
Now my resolve.conf is as follows:
================================
search sgp.fujixerox.com sesswin2003.com
nameserver 13.198.98.35
nameserver 13.198.96.10
================================
The machine "durian" can only be resolved by "13.198.98.10".
This is the result of nslookup:
================================
qxu@durian(pts/1):~[5]$ nslookup durian
Server: 13.198.96.10
Address: 13.198.96.10#53
Non-authoritative answer:
Name: durian.sgp.fujixerox.com
Address: 13.198.98.190
================================
Why doesn't it go to the first nameserver (13.198.98.35) to try to resolve "durian"? 13.198.98.10 is the second server.
And I can verify the first server is alive and working:
================================
qxu@durian(pts/1):~[6]$ nslookup sesswin2003
Server: 13.198.98.35
Address: 13.198.98.35#53
Name: sesswin2003.sesswin2003.com
Address: 13.198.98.35
================================
So if the first server is alive, when the request to resolve "durian" arrives, the first nameserver (13.198.98.35) should be queried. Is it? But in fact, the first server was skipped, and the query was done with the second server. How to explain this behavior?
Thanks,
Xu Qiang
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos