The following message is a courtesy copy of an article that has been posted to comp.protocols.kerberos as well. In 1.8.1, there is the following code in src/lib/krb5/os/dnsglue.c: krb5int_dns_init(struct krb5int_dns_state **dsp, char *host, int nclass, int ntype) { ... nextincr = 2048; maxincr = INT_MAX; ... One day, due to an error, the number of KDC SRV records for one of our realms doubled from 27 to 54... and KDC lookups via DNS prompty broke. I bumped up the nextincr value above, and it started working again. Probably not the right fix, but just letting you know that there's a bug here. -- Richard Silverman res@qoxp.net