The "automatic DNS resolution" in #180 seems to have broken `SetDirectorySearch()` in my environment. This is causing failed LDAP connections when I run Snaffler from Server 2025 OS (not sure if the root cause is an OS default or some GPO). I haven't investigated fully, but I'm guessing this has something to do with the lack of Kerberos auth (connecting via IP) and either LDAP signing or channel token binding.
Not wanting to undo the new capabilities introduced in #180, should we add a config option to control the DNS lookup behavior, something like?
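```csharp
if (!string.IsNullOrEmpty(MyOptions.TargetDc))
{
    if (MyOptions.ResolveDcDns)
    {
        // Behaviour from #180: resolve the DC name and connect by IPv4 address.
        string dcIp = GetIPv4Address(MyOptions.TargetDc);
        Mq.Trace("Target DC specified: " + MyOptions.TargetDc + " , resolved IP to " + dcIp);
        _targetDc = dcIp;
    }
    else
    {
        // Proposed opt-out: keep the DC name exactly as supplied.
        _targetDc = MyOptions.TargetDc;
    }
    // ....
}
```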
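One way to test the guess in the post above, as an added example that is not part of the original issue or of Snaffler: bind to the same DC by hostname and by its IPv4 address with each auth type, with signing and sealing requested, and compare the results. It uses `System.DirectoryServices.Protocols` rather than Snaffler's own LDAP code, and `LdapBindCheck` and `TryBind` are hypothetical names.

```csharp
// Added diagnostic, not Snaffler code. Assumes System.DirectoryServices.Protocols
// is referenced and the process runs as a domain user on a domain-joined host.
using System;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Net.Sockets;

static class LdapBindCheck
{
    // Bind with the current logon credentials, requesting signing and sealing,
    // and return a one-line result instead of throwing.
    static string TryBind(string server, AuthType authType)
    {
        try
        {
            using (var conn = new LdapConnection(new LdapDirectoryIdentifier(server, 389)))
            {
                conn.AuthType = authType;
                conn.Timeout = TimeSpan.FromSeconds(10);
                conn.SessionOptions.ProtocolVersion = 3;
                conn.SessionOptions.Signing = true;
                conn.SessionOptions.Sealing = true;
                conn.Bind();
                return "bind OK";
            }
        }
        catch (LdapException e)
        {
            return "bind FAILED: " + e.Message + " (code " + e.ErrorCode + ") " + e.ServerErrorMessage;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: LdapBindCheck <dc-hostname>"); return 2; }
        string dcName = args[0];
        // Same substitution the DNS lookup performs: first IPv4 address of the DC name.
        IPAddress ip = Dns.GetHostAddresses(dcName)
                          .FirstOrDefault(a => a.AddressFamily == AddressFamily.InterNetwork);
        if (ip == null) { Console.Error.WriteLine("no IPv4 address for " + dcName); return 1; }
        foreach (string target in new[] { dcName, ip.ToString() })
            foreach (AuthType auth in new[] { AuthType.Kerberos, AuthType.Negotiate, AuthType.Ntlm })
                Console.WriteLine("{0,-32} {1,-10} {2}", target, auth, TryBind(target, auth));
        return 0;
    }
}
```

A hostname row that succeeds where the matching IP row fails points at the IP substitution rather than at credentials or connectivity.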