RFR 8052412: Too many DNS requests for KDC setttings
Christos Zoulas
christos at zoulas.com
Mon Aug 4 05:13:19 UTC 2014
On Aug 4, 11:27am, xuelei.fan at oracle.com (Xuelei Fan) wrote:
-- Subject: Re: RFR 8052412: Too many DNS requests for KDC setttings
| On 8/4/2014 11:25 AM, Wang Weijun wrote:
| >
| > On Aug 4, 2014, at 11:14, Xuelei Fan <xuelei.fan at oracle.com> wrote:
| >
| >> It's not common but the DNS records of KDC may be updated. This update
| >> may introduce regression if the DNS record get updated. Is it possible
| >> to support cache timeout in order to mitigate the impact?
| >
| > Are you OK with using the TTL value in the DNS response?
| >
| Sound like a good value to me.
Just for the DNS timeout? How about TTL/2? What does the Unix KDC do?
christos
More information about the security-dev
mailing list