Subject: decouple DNS queries from KDC communication

There's no reason the first packet sent to the KDC has to be delayed until every address for every listed KDC host has been acquired.

Look at Greg Hudson's "libares" async resolver code. See if BIND 9 has support for this sort of thing too.

A possible approach: Get the SRV records or krb5.conf data, pick an order for the hosts, start resolving all the names, and when the addresses for the first host come in, fire off a packet; on timeout for the first host, *and* after the addresses for the second host are available, try the second host. When a suitable response comes in, close sockets and abandon any resolver queries in progress. (Q: Cache the data for a while?)

More complicated: We use the same send_to_* code now for krb5 KDC, krb4 KDC and krb524d, at least, all with the same issue. The name lookups and fallbacks are handled differently in each case. Perhaps an ordered list of hostnames and port numbers needs to be supplied.
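
The control flow of the "possible approach" above, as an added sketch that is not part of the original ticket and not krb5 code. It is written in Python with asyncio instead of C with libares; `resolve`, `exchange`, `send_to_kdc`, the host names, addresses and delays are all hypothetical, constructed stand-ins for the resolver and the send_to_* code.

```python
import asyncio

# Constructed data: host -> (resolver delay in s, addresses, KDC answers?)
SIM = {
    "kdc1.example.test": (0.01, ["192.0.2.1"], False),  # resolves fast, KDC silent
    "kdc2.example.test": (0.03, ["192.0.2.2"], True),
    "kdc3.example.test": (5.00, ["192.0.2.3"], True),   # slow DNS answer
}

async def resolve(host):
    """Hypothetical stand-in for an asynchronous resolver query."""
    delay, addrs, _ = SIM[host]
    await asyncio.sleep(delay)
    return addrs

async def exchange(host, addr, request):
    """Hypothetical stand-in for sending the request and awaiting a reply."""
    await asyncio.sleep(0.005 if SIM[host][2] else 3600)  # silent KDC never answers
    return b"reply-from-" + addr.encode()

async def send_to_kdc(hosts, request, per_host_timeout=0.1):
    log = []
    # Start every lookup at once; none of them blocks the first send.
    lookups = {h: asyncio.create_task(resolve(h)) for h in hosts}
    try:
        for host in hosts:                      # caller-supplied preference order
            try:
                addrs = await lookups[host]     # wait for this host's addresses only
            except OSError:
                log.append(("resolve-failed", host))
                continue
            for addr in addrs:
                log.append(("send", host, addr))
                try:
                    reply = await asyncio.wait_for(
                        exchange(host, addr, request), per_host_timeout)
                    return reply, log
                except asyncio.TimeoutError:
                    log.append(("timeout", host, addr))
        return None, log
    finally:
        # A usable reply (or exhaustion) ends the run: abandon pending lookups.
        log.append(("abandoned", [h for h, t in lookups.items() if not t.done()]))
        for task in lookups.values():
            task.cancel()

def demo():
    return asyncio.run(send_to_kdc(list(SIM), b"constructed-request"))
```

In this run the second host's lookup completes while the first host is still being waited on, so the fallback send happens as soon as the first host times out, and the slow third lookup is cancelled without ever being waited for.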