[Authentication] realm discover seems to only query the first five DCs returned from looking up the DCs
Richard Sharpe
realrichardsharpe at gmail.com
Tue Sep 17 16:50:42 UTC 2019
Hi folks,
I am dealing with a situation where I think the customer has
configured sites and services incorrectly and is not returning the
local DC first in the list of DCs in the request for
_ldap._tcp.<realm>.
There are 31 responses (which seems to be their world-wide network).
realm discover consistently only sends cldap requests to the first
five entries and because they have blocked access on that site out of
geographic location, they never find the local DC because it is
unlikely to be within the first five in the responses returned.
Is there some way to change this behavior?
I am very unfamiliar with the code base, but would increasing the
symbol DISCO_FEVER in service/realm-disco-mscldap.c change behavior?
Would a better approach be to rotate the IPs queried? I wouldn't know
how to do that because the learning curve looks large but I wondered.
I have a capture of the behavior that I could possibly share ...
--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
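
Added example, not part of the original post and not realmd code: a small C model of the behaviour described above, comparing a fixed five-candidate window with walking the whole SRV answer list in batches of five. The probe() helper, the function names and the reachability table are assumptions; a real implementation would send CLDAP pings and apply a timeout per batch.

```c
#include <stdbool.h>
#include <stdio.h>

#define WINDOW 5   /* the post observes five CLDAP queries per discovery */

/* Hypothetical probe: stands in for sending a CLDAP ping and waiting for
 * the reply. Here it only looks up a constructed reachability table. */
static bool probe(const bool *reachable, size_t i) { return reachable[i]; }

/* Behaviour described in the post: only the first WINDOW candidates are
 * ever tried. Returns the index of the answering DC, or -1. */
int discover_fixed(const bool *reachable, size_t n)
{
    size_t limit = n < WINDOW ? n : WINDOW;
    for (size_t i = 0; i < limit; i++)
        if (probe(reachable, i))
            return (int)i;
    return -1;
}

/* Alternative: walk the whole list in batches of WINDOW, moving to the
 * next batch only when none of the current one answers. *probes counts
 * queries sent, so the cost of a long unreachable prefix is visible. */
int discover_batched(const bool *reachable, size_t n, size_t *probes)
{
    *probes = 0;
    for (size_t start = 0; start < n; start += WINDOW) {
        size_t end = start + WINDOW < n ? start + WINDOW : n;
        int found = -1;
        for (size_t i = start; i < end; i++) {
            (*probes)++;               /* whole batch is sent in parallel */
            if (found < 0 && probe(reachable, i))
                found = (int)i;
        }
        if (found >= 0)
            return found;
    }
    return -1;
}

int main(void)
{
    bool reachable[31] = { false };    /* constructed: 31 SRV answers */
    size_t probes;
    reachable[22] = true;              /* constructed: the only local DC */
    int idx = discover_batched(reachable, 31, &probes);
    printf("fixed=%d batched=%d probes=%zu\n", discover_fixed(reachable, 31), idx, probes);
    return 0;
}
```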