On Tue, May 26, 2020 at 3:58 PM Jeffrey Altman <[email protected]> wrote:
>
> 2. Before the existence of DNS SRV records, CNAME records were the
>    only method of offering a service on multiple hosts. However,
>    it's a poor idea to share the same key across all of the hosts.

I'm curious about this. What makes it a poor idea? It seems like a very convenient way to scale a service up and down dynamically quickly when you share a key among all instances.

> Again, disabling "rdns" by default will break an unknown number
> of application clients.

Sure. My point is that it breaks the other way for modern architectures where PTR records will never be under an application developer's control. With Kubernetes a service can appear to clients to move IPs very quickly. I'm not defending Kubernetes or anything here, I'm wildly speculating that maybe breaking with the past is a good idea as more applications and developers move in this direction.

- Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
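
The name canonicalization under discussion, as a simplified model added here for illustration (not code from this thread or from MIT Kerberos). The DNS records, hostnames, realm and function names are all constructed assumptions; it shows which service principal a client ends up requesting with and without the reverse lookup.

```python
# Simplified model of how a Kerberos client derives a service principal name.
# All zone data is constructed; the realm is passed in rather than derived
# from a domain-to-realm mapping, which is a simplification.

CNAME = {"db.example.com": "db-lb.example.com"}           # alias -> canonical
A = {"db-lb.example.com": "10.1.2.3"}                     # name -> address
PTR = {"10.1.2.3": "10-1-2-3.db.default.pod.cluster.local"}  # address -> name


def forward_canonical(host):
    """Follow CNAMEs to the canonical name, as a canonical-name lookup would."""
    seen = set()
    while host in CNAME and host not in seen:
        seen.add(host)
        host = CNAME[host]
    return host


def service_principal(service, host, realm, canonicalize=True, rdns=True,
                      a=A, ptr=PTR):
    """Return the principal the client would request a ticket for."""
    name = host.lower().rstrip(".")
    if canonicalize:
        name = forward_canonical(name)
        addr = a.get(name)
        if rdns and addr is not None:
            # Reverse lookup: whoever controls the PTR zone picks the name.
            # If no PTR exists, the forward canonical name is kept.
            name = ptr.get(addr, name)
    return f"{service}/{name.lower().rstrip('.')}@{realm}"


def compare(service="postgres", host="db.example.com", realm="EXAMPLE.COM"):
    """Principal requested under each setting, plus after the address moves."""
    moved_a = {"db-lb.example.com": "10.1.9.9"}  # constructed: pod rescheduled
    moved_ptr = {"10.1.9.9": "10-1-9-9.db.default.pod.cluster.local"}
    return {
        "rdns": service_principal(service, host, realm),
        "no_rdns": service_principal(service, host, realm, rdns=False),
        "no_canon": service_principal(service, host, realm, canonicalize=False),
        "rdns_after_move": service_principal(service, host, realm,
                                             a=moved_a, ptr=moved_ptr),
    }


if __name__ == "__main__":
    for setting, principal in compare().items():
        print(f"{setting:16} {principal}")
```

With the reverse lookup enabled, the requested principal changes whenever the address does, so the KDC needs an entry for every PTR name; without it, the name stays the one the service owner published.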
