
Re: SRV records can't point to CNAMEs



[Andreas B. Mundt]
> Hmm, I don't know how to fix this. To me it looks a bit like
> sacrificing a clear and common DNS setup in favor of a very special
> setup (for which I don't know how to get Kerberos working).  This
> tuned setup works out of the box at the University of Oslo in a
> special environment, but causes hassle and confusion probably
> everywhere else.

Note that as far as I can tell, the University of Oslo is not a
special environment, and the script is written to handle the common
way to set up Kerberos and LDAP on Unix in a mixed AD/Unix network.
It allows Windows and AD clients to get their separate setup without
one leaking into the other unless it is the intended behaviour.  The
script also generates what seems to be a working setup for mit.edu, and
I would very much welcome info on other environments (DNS-domains)
where I can test it. :)

There were many considerations to take when writing the code to
dynamically set up all clients during installation based on DNS, and I
believe I ended up with the most sensible way to do it.

> Any ideas how to solve that and continue?

Well, my idea was already implemented, which was to point SRV records
to servicenames, and make sure these service names were A records in
DNS.

Why not keep the A records and just remove the PTR records?  With
separate forward and reverse records, that should work fine.  After
all, the original complaint was that 'host 10.0.2.2' would resolve to
several names, not that 'host ldap' would resolve to 10.0.2.2.

Happy hacking,
-- 
Petter Reinholdtsen
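
An added example, not part of the original message or the Debian Edu scripts: a small checker for the layout discussed above, where every SRV target is a name with its own A record and each address keeps a single PTR. The zone text is constructed; only the name ldap and the address 10.0.2.2 come from the message, and the other names (tjener, kerberos, kdc) and the simplified record syntax are assumptions.

```python
# Constructed sample zone data (not from the original message). Only "ldap" and
# 10.0.2.2 come from the message; the other names are illustrative assumptions.
ZONE = """\
_ldap._tcp      SRV 0 100 389 ldap
_kerberos._udp  SRV 0 100 88  kerberos
_kerberos._tcp  SRV 0 100 88  kdc
tjener          A   10.0.2.2
ldap            A   10.0.2.2
kerberos        A   10.0.2.2
kdc             CNAME tjener
2.2.0.10.in-addr.arpa PTR tjener
"""

def parse(zone):
    """Return (owner, rtype, rdata_fields) tuples from simplified zone text."""
    records = []
    for line in zone.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        owner, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def check(zone):
    """List SRV targets that are not address records, and addresses with several PTRs."""
    recs = parse(zone)
    a_names = {o for o, t, _ in recs if t in ("A", "AAAA")}
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    problems = []
    for owner, rtype, rdata in recs:
        if rtype != "SRV":
            continue
        target = rdata[3].lower().rstrip(".")  # priority weight port target
        if target in cnames:
            problems.append(f"{owner}: SRV target {target} is a CNAME")
        elif target not in a_names:
            problems.append(f"{owner}: SRV target {target} has no address record")
    ptr_count = {}
    for owner, rtype, _ in recs:
        if rtype == "PTR":
            ptr_count[owner] = ptr_count.get(owner, 0) + 1
    problems += [f"{o}: {n} PTR records" for o, n in ptr_count.items() if n > 1]
    return problems

if __name__ == "__main__":
    for problem in check(ZONE):
        print(problem)
```

Turning the kdc alias into its own A record clears the only finding, while the reverse zone still holds one PTR for 10.0.2.2.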

