Samba HowTo Guide

DNS and Active Directory

Occasionally we hear from UNIX network administrators who want to use a UNIX-based DDNS server in place of the Microsoft DNS server. While this might be desirable to some, the MS Windows 200x DNS server is autoconfigured to work with Active Directory. It is possible to use BIND version 8 or 9, but it will almost certainly be necessary to create service records (SRV records) so MS Active Directory clients can resolve hostnames to locate essential network services.

The use of DDNS is highly recommended with Active Directory, in which case the use of BIND9 is preferred for its ability to adequately support the SRV (service) records that are needed for Active Directory. Of course, when running ADS, it makes sense to use Microsoft's own DDNS server because of the natural affinity between ADS and MS DNS.

The following are some of the default service records that Active Directory requires (Domain, DomainTree, site, and GUID are placeholders for the actual names):

_ldap._tcp.pdc._msdcs.Domain

This provides the address of the Windows NT PDC for the domain.

_ldap._tcp.pdc._msdcs.DomainTree

Resolves the addresses of global catalog servers in the domain.

_ldap._tcp.site.sites.writable._msdcs.Domain

Provides a list of domain controllers based on sites.

_ldap._tcp.writable._msdcs.Domain

Enumerates the list of domain controllers that have writable copies of the Active Directory data store.

_ldap._tcp.GUID.domains._msdcs.DomainTree

Entry used by MS Windows clients to locate machines using the globally unique identifier.

_ldap._tcp.Site.gc._msdcs.DomainTree

Used by Microsoft Windows clients to locate the site-configuration-dependent global catalog server.

Specific entries used by Microsoft clients to locate essential services for an example domain called quenya.org include:

  • _kerberos._udp.quenya.org: used to contact the KDC server via UDP. This entry must list port 88 for each KDC.

  • _kpasswd._udp.quenya.org: used to locate the kpasswd server when a user password change must be processed. This record must list port 464 on the master KDC.

  • _kerberos._tcp.quenya.org: used to locate the KDC server via TCP. This entry must list port 88 for each KDC.

  • _ldap._tcp.quenya.org: used to locate the LDAP service on the PDC. This record must list port 389 for the PDC.

  • _kpasswd._tcp.quenya.org: used to locate the kpasswd server to permit user password changes to be processed. This must list port 464.

  • _gc._tcp.quenya.org: used to locate the global catalog server for the top of the domain. This must list port 3268.

The following records are also used by the Windows domain member client to locate vital services on the Windows ADS domain controllers.

  • _ldap._tcp.pdc._msdcs.quenya.org

  • _ldap.gc._msdcs.quenya.org

  • _ldap.default-first-site-name._sites.gc._msdcs.quenya.org

  • _ldap.{SecID}.domains._msdcs.quenya.org

  • _ldap._tcp.dc._msdcs.quenya.org

  • _kerberos._tcp.dc._msdcs.quenya.org

  • _ldap.default-first-site-name._sites.dc._msdcs.quenya.org

  • _kerberos.default-first-site-name._sites.dc._msdcs.quenya.org

  • SecID._msdcs.quenya.org

Presence of the correct DNS entries can be validated by executing:

root#  dig @frodo -t any _ldap._tcp.dc._msdcs.quenya.org

; <<>> DiG 9.2.2 <<>> @frodo -t any _ldap._tcp.dc._msdcs.quenya.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.quenya.org. IN        ANY

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 noldor.quenya.org.

;; ADDITIONAL SECTION:
frodo.quenya.org.  3600  IN      A       10.1.1.16
noldor.quenya.org. 1200  IN      A       10.1.1.17

;; Query time: 0 msec
;; SERVER: frodo#53(10.1.1.16)
;; WHEN: Wed Oct  7 14:39:31 2004
;; MSG SIZE  rcvd: 171
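As an added example (not code from the Samba HOWTO or the Samba project), the following Python script ties together the list of required quenya.org service records and the dig check above: it renders BIND9-style SRV records for the six required entries from a table of which hosts provide each service, and it parses the ANSWER SECTION of dig output to report any required record that is missing or that advertises a port other than the one the text requires (88, 464, 389, 3268). The domain quenya.org and the hosts frodo and noldor come from the text; the dig output embedded in the script is constructed, with two deliberate defects, so the check has something to find. The function names and the hosts table layout are this example's own.

```python
import re

# Services every Active Directory domain must advertise via SRV records, with
# the port each entry has to list (taken from the quenya.org list above).
REQUIRED_SRV = [
    ("_kerberos", "_udp", 88),    # KDC over UDP
    ("_kpasswd",  "_udp", 464),   # password-change service over UDP
    ("_kerberos", "_tcp", 88),    # KDC over TCP
    ("_ldap",     "_tcp", 389),   # LDAP on the PDC
    ("_kpasswd",  "_tcp", 464),   # password-change service over TCP
    ("_gc",       "_tcp", 3268),  # global catalog
]

# One SRV line as printed by dig or written in a BIND zone file, e.g.
#   _ldap._tcp.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
SRV_RE = re.compile(
    r"^(?P<name>\S+?)\.?\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+?)\.?$"
)


def srv_name(service, proto, domain):
    """Owner name of a service record, e.g. _ldap._tcp.quenya.org."""
    return f"{service}.{proto}.{domain}".lower()


def zone_fragment(domain, hosts, ttl=600, priority=0, weight=100):
    """Render BIND9 SRV records for each required service.

    hosts maps a service ("_kerberos", "_kpasswd", "_ldap", "_gc") to the
    list of host names that provide it; one record is emitted per host.
    """
    lines = []
    for service, proto, port in REQUIRED_SRV:
        for host in hosts.get(service, []):
            lines.append(f"{srv_name(service, proto, domain)}. {ttl} IN SRV "
                         f"{priority} {weight} {port} {host}.")
    return lines


def parse_dig_srv(text):
    """Pick the SRV answers out of dig output; comments and other RR types are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = SRV_RE.match(line)
        if m:
            records.append({"name": m["name"].lower(),
                            "port": int(m["port"]),
                            "target": m["target"].lower()})
    return records


def check_required(domain, records):
    """Return (missing, wrong_port): owner names with no SRV record at all, and
    (name, port_seen, port_expected) for records advertising the wrong port."""
    by_name = {}
    for r in records:
        by_name.setdefault(r["name"], []).append(r)
    missing, wrong_port = [], []
    for service, proto, port in REQUIRED_SRV:
        name = srv_name(service, proto, domain)
        if name not in by_name:
            missing.append(name)
            continue
        for r in by_name[name]:
            if r["port"] != port:
                wrong_port.append((name, r["port"], port))
    return missing, wrong_port


# Constructed dig answer (not real output) for a misconfigured zone:
# _kpasswd._udp is absent and _gc._tcp lists the LDAP port instead of 3268.
SAMPLE_DIG = """\
;; ANSWER SECTION:
_kerberos._udp.quenya.org. 600 IN SRV 0 100 88 frodo.quenya.org.
_kerberos._tcp.quenya.org. 600 IN SRV 0 100 88 frodo.quenya.org.
_ldap._tcp.quenya.org.     600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.quenya.org.     600 IN SRV 0 100 389 noldor.quenya.org.
_kpasswd._tcp.quenya.org.  600 IN SRV 0 100 464 frodo.quenya.org.
_gc._tcp.quenya.org.       600 IN SRV 0 100 389 frodo.quenya.org.

;; ADDITIONAL SECTION:
frodo.quenya.org.  3600 IN A 10.1.1.16
noldor.quenya.org. 1200 IN A 10.1.1.17
"""


def main():
    hosts = {"_kerberos": ["frodo.quenya.org"], "_kpasswd": ["frodo.quenya.org"],
             "_ldap": ["frodo.quenya.org", "noldor.quenya.org"],
             "_gc": ["frodo.quenya.org"]}
    print("\n".join(zone_fragment("quenya.org", hosts)))
    missing, wrong = check_required("quenya.org", parse_dig_srv(SAMPLE_DIG))
    print("missing:", missing)
    print("wrong port:", wrong)


if __name__ == "__main__":
    main()
```

To check a live server, feed the output of a dig SRV query for each required name into parse_dig_srv and run check_required over the combined result; the lines produced by zone_fragment can be pasted into the BIND9 zone file after adjusting the TTL, priority and weight to local policy.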

Published under the terms of the GNU General Public License