Support User Manuals

Microsoft windows 2000 DNS Server User Manual

Open as PDF

of 70

All DCs providing the Kerberos service will register this name. This service is at

least an RFC-1510 compliant Kerberos 5 KDC. The KDC is not necessarily a DC.

All Windows NT Domain controllers running the Kerberos KDC service will register

this name.

_kerberos._udp.<DnsDomainName>

Same as _kerberos._tcp.<DnsDomainName> except the UDP is implied.

_kerberos._tcp.<SiteName>._sites.<DnsDomainName>

Allows a client to locate a Kerberos KDC for the domain named by

<DnsDomainName> and is in the site named by <SiteName>. This service is at

least an RFC-1510 compliant Kerberos 5 KDC. The KDC is not necessarily a DC.

All Windows NT Domain controllers running the Kerberos Key Distribution Center

service will register this name.

_kerberos._tcp.dc._msdcs.<DnsDomainName>

Allows a client to find a DC running a Kerberos KDC for the domain named by

<DnsDomainName>. All Windows NT Domain controllers running the Kerberos Key

Distribution Center service will register this name.

_kerberos._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>

Allows a client to find a DC running a Kerberos KDC for the domain named by

<DnsDomainName> and is in the site named by <SiteName>. All Windows NT

Domain controllers and running the Kerberos Key Distribution Center service

_kpasswd._tcp.<DnsDomainName>

Allows a client to locate a Kerberos Password Change server for the domain. All

servers providing the Kerberos Password Change service will register this name.

This server at least conforms to draft-ietf-cat-kerb-chg-password-02.txt. The server

is not necessarily a DC. All Windows NT Domain controllers running the Kerberos

Key Distribution Center service will register this name.

_kpasswd._udp.<DnsDomainName>

Same as _kpasswd._tcp.<DnsDomainName> except the UDP is implied.

Netlogon registers the following DNS A records:

<DnsDomainName>.

Allows a client to find any DC in the domain via a normal A record lookup. A name

such as this will be returned to the LDAP client via an LDAP referral.

gc._msdcs.<DnsForestName>

Allows a client to find any GC in the forest via a normal A record lookup. A name

such as this will be returned to the LDAP client via an LDAP referral.

Netlogon registers the following DNS CNAME records:

<DsaGuid>._msdcs.<DnsForestName>

Allows a client to find any DC in the forest via a normal A record lookup. The only

information known about the DC is the GUID of the MSFT-DSA object for the DC

and the name of the forest the DC is in. This name is used to ease the ability to

rename a DC.

Windows 2000 White Paper

33

previous next