Re: NFS4 and Kerberos: A-records for same IP inflate the need for service principals
[Andreas B. Mundt]
> I tried to find the reason for these corresponding A-records,
There are two aspects coming together to cause this effect. We use
strict mode in powerdns, allowing shared A/PTR entries in LDAP, and
the fact that SRV and MX records need to point to A records. As our
design allow for scaling by moving individual services out by changing
DNS entries, we need to use the service names in DNS. And thus, we
end up with several PTR entries for 10.0.2.2. :/
Not quite sure how to best adjust this and still get a sensible and
scalable solution.
> I am not an expert regarding that stuff and I don't know if there
> are other ways to achieve the desired. However, it looks as with the
> current setup we need service principals for all host aliases.
That isn't too bad, is it? It can be added automatically at install
time, right?
Happy hacking,
--
Petter Reinholdtsen
Reply to: