Steve, Bionic still has the default (commented-out)
#DNSStubListener=udp
in /etc/systemd/resolved.conf .
I've noticed that this breaks Kerberos KDC lookup at a large site, because the reply is quite large:
# host -t SRV _kerberos._udp.xxx.example.com
;; Connection to 127.0.0.53#53(127.0.0.53) for _kerberos._udp.xxx.example.com failed: connection refused.
# kinit <email address hidden>
kinit: Cannot find KDC for realm "XXX.EXAMPLE.COM" while getting initial credentials
After setting DNSStubListener=yes:
# host -t srv _kerberos._udp.xxx.example.com
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx01.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx02.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx03.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx04.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx05.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx06.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx07.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx08.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx09.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx10.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx11.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx12.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx13.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx14.xxx.example.com.
_kerberos._udp.xxx.example.com has SRV record 0 100 88 xxxxxxx15.xxx.example.com.
# kinit <email address hidden>
Password for <email address hidden>:
Steve, Bionic still has the default (commented-out)
#DNSStubLis tener=udp
in /etc/systemd/ resolved. conf .
I've noticed that this breaks Kerberos KDC lookup at a large site, because the reply is quite large:
# host -t SRV _kerberos. _udp.xxx. example. com 53#53(127. 0.0.53) for _kerberos. _udp.xxx. example. com failed: connection refused.
;; Connection to 127.0.0.
# kinit <email address hidden>
kinit: Cannot find KDC for realm "XXX.EXAMPLE.COM" while getting initial credentials
After setting DNSStubListener =yes:
# host -t srv _kerberos. _udp.xxx. example. com _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx01. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx02. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx03. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx04. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx05. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx06. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx07. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx08. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx09. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx10. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx11. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx12. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx13. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx14. xxx.example. com. _udp.xxx. example. com has SRV record 0 100 88 xxxxxxx15. xxx.example. com.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
_kerberos.
# kinit <email address hidden>
Password for <email address hidden>: