On 1/11/2019 11:35 AM, Adam Lewenberg wrote:
> I would like to change our Kerberos DNS SRV records from using an A
> record to a CNAME record. According to the DNS specs, a SRV record can
> only point to an A (or AAAA) record.
That is correct. Pointing an SRV entry to a CNAME will lead to
unpredictable behavior depending upon the implementation of both the DNS
client and the server.
I'm 100% with Jeff because imagine that a future upgrade will give you
a resolver (on any OS/client) that will do as the specification says
and not give the answer you expect? In other words: If you control all
the clients and are not afraid to get problems which are hard to
debug, go ahead and use CNAMES ;-)