[36179] in Kerberos
Re: tickets with wrong DNS
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Sat Jun 7 10:32:12 2014
From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Sat, 7 Jun 2014 14:31:44 +0000
Message-ID: <1402151504.1597.3.camel@vikktakkht.oh3.sinenomine.net>
In-Reply-To: <1402150433.3923.4.camel@hh16.hh3.site>
Content-Language: en-US
Content-ID: <711EA0228FD8E24CA2F6FFF2A36BC7F6@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sat, 2014-06-07 at 16:13 +0200, steve wrote:
> We have a Samba4 domain with some Linux clients joined under DHCP. We
> are updating their DNS records via the nsupdate facility in SSSD. All is
> fine, but the worrying issue is that the machines still function even
> with the wrong rr registered in dns. Is this correct behaviour?
Nowhere near enough information to even guess... but Windows domains
(and therefore samba4) tend to use Kerberos principals based on the
netbios name instead of DNS name, so it's not unlikely. As to the more
unixy stuff, if the machine(s) in question aren't servers, they likely
don't care much about their DNS entries; the only common service that
does is the MTA (sendmail/postfix/etc.), and these days it's rare for
clients to run their own MTAs in anything but local queueing mode where
a hosts file entry is generally good enough.
--
brandon s allbery kf8nh sine nomine associates
allbery.b@gmail.com ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
