r10398: Don't do DNS lookups on short names (no .).

Andrew Bartlett

diff --git a/source/auth/kerberos/kerberos-notes.txt b/source/auth/kerberos/kerberos-notes.txt
index cfbf904bb3cfa517daa9f5bc8addebf0bb652798..3b2989eee129e502d6afa3d71e1ef1d5702fd6c6 100644 (file)
--- a/source/auth/kerberos/kerberos-notes.txt
+++ b/source/auth/kerberos/kerberos-notes.txt
@@ -365,4 +365,12 @@ by providing specific, english text-string error messages instead of
 just error code translations.
 
 
+Short name rules
+----------------
+
+Samba is highly likely to be misconfigured, in many weird and
+interesting ways.  As such, we have a patch for Heimdal that avoids
+DNS lookups on names without a . in them.  This should avoid some
+delay and root server load.
+
 

diff --git a/source/heimdal/lib/krb5/krbhst.c b/source/heimdal/lib/krb5/krbhst.c
index 49eee08ca5d5ced3956f1d2d6744f47824a79021..98e9cb3f095cbe9ebfe8bc75f19be25cdeb8598a 100644 (file)
--- a/source/heimdal/lib/krb5/krbhst.c
+++ b/source/heimdal/lib/krb5/krbhst.c
@@ -634,6 +634,11 @@ common_init(krb5_context context,
        return NULL;
     }
 
+    /* For 'realms' without a . do not even think of going to DNS */
+    if (!strchr(realm, '.')) {
+       kd->flags |= KD_CONFIG_EXISTS;
+    }
+
     if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG)
        kd->flags |= KD_LARGE_MSG;
     kd->end = kd->index = &kd->hosts;