I have a customer that has an Active Directory domain with 200 domain controllers. When the MIT Kerberos library uses res_search to look up _kerberos._udp.XXX.COM, the result exceeds the 2048 buffer size. The actual size is around 9500 bytes. This code is in src/lib/krb5/os/dnssrv.c