Microsoft windows 2000 DNS manual Kerberos.tcp.dc.msdcs.DnsDomainName

Page 39

All DCs providing the Kerberos service will register this name. This service is at least an RFC-1510 compliant Kerberos 5 KDC. The KDC is not necessarily a DC. All Windows NT Domain controllers running the Kerberos KDC service will register this name.

_kerberos._udp.<DnsDomainName>

Same as _kerberos._tcp.<DnsDomainName> except the UDP is implied. _kerberos._tcp.<SiteName>._sites.<DnsDomainName>

Allows a client to locate a Kerberos KDC for the domain named by <DnsDomainName> and is in the site named by <SiteName>. This service is at least an RFC-1510 compliant Kerberos 5 KDC. The KDC is not necessarily a DC. All Windows NT Domain controllers running the Kerberos Key Distribution Center service will register this name.

_kerberos._tcp.dc._msdcs.<DnsDomainName>

Allows a client to find a DC running a Kerberos KDC for the domain named by <DnsDomainName>. All Windows NT Domain controllers running the Kerberos Key Distribution Center service will register this name.

_kerberos._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> Allows a client to find a DC running a Kerberos KDC for the domain named by <DnsDomainName> and is in the site named by <SiteName>. All Windows NT Domain controllers and running the Kerberos Key Distribution Center service

_kpasswd._tcp.<DnsDomainName>

Allows a client to locate a Kerberos Password Change server for the domain. All servers providing the Kerberos Password Change service will register this name. This server at least conforms to draft-ietf-cat-kerb-chg-password-02.txt.The server is not necessarily a DC. All Windows NT Domain controllers running the Kerberos Key Distribution Center service will register this name.

_kpasswd._udp.<DnsDomainName>

Same as _kpasswd._tcp.<DnsDomainName> except the UDP is implied.

Netlogon registers the following DNS A records:

<DnsDomainName>.

Allows a client to find any DC in the domain via a normal A record lookup. A name such as this will be returned to the LDAP client via an LDAP referral.

gc._msdcs.<DnsForestName>

Allows a client to find any GC in the forest via a normal A record lookup. A name such as this will be returned to the LDAP client via an LDAP referral.

Netlogon registers the following DNS CNAME records:

<DsaGuid>._msdcs.<DnsForestName>

Allows a client to find any DC in the forest via a normal A record lookup. The only information known about the DC is the GUID of the MSFT-DSA object for the DC and the name of the forest the DC is in. This name is used to ease the ability to rename a DC.

Windows 2000 White Paper

33

Page 38 Page 40
Image 39
Page 38 Page 40
Contents Windows 2000 DNS Microsoft Corporation. All rights reserved Contents Designing a DNS Namespace for the Active Directory Summary Page DNS Fundamentals Standards and Additional Reading Name Services in WindowsDraft-skwan-gss-tsig-04.txt GSS Algorithm for Tsig GSS-TSIG History of DNSHierarchy of DNS Domain Names Structure of DNSDNS and Internet Int/net/orgCom Edu Gov Mil Army Microsoft Mit MydomainDistributing the Database Zone Files and Delegation TTLMicrosoft My domain ftp Ntserver Replicating the DNS databaseQuerying the Database NEW Features of the Windows 2000 DNSName Server Resolver Root-server Gov Whitehouse.gov Time to Live for Resource Records Updating the DNS DatabaseActive Directory Storage and Replication Integration Active Directory Service Storage ModelWindows 2000 White Paper Controlling Access to Zones Replication ModelZone Type Conversions Protocol Description Incremental Zone TransferSlave DNS Server Ixfr and DS Integration Dynamic UpdateZone Log File Master DNS ServerDynamic Update of DNS Records Update AlgorithmDhcp Client Mixed EnvironmentClient Reregistration Statically Configured ClientSecure Dynamic Update RAS ClientEstablishing a security context by passing security tokens Secure Dynamic Update Policy Controlling Update Access to Zones and Names DnsUpdateProxy GroupAging and Scavenging DNS Admins GroupAging and Scavenging Parameters DefaultEnableScavenging Scavenging Period DescriptionRecord Life Span Scavenging Algorithm Configuring Scavenging ParametersInteroperability Considerations Unicode Character SupportDomain Locator Finish IP/DNS Compatible Locator DNS Record Registration and Resolver RequirementsLdap.tcp.dc.msdcs.DnsDomainName Kerberos.tcp.dc.msdcs.DnsDomainName IP/DNS DC Locator Algorithm Finish Discovering Site specific DCsCaching Resolver Fully-Qualified Query Name ResolutionUnqualified Single-Label Query Using Global Suffix Search OrderUnqualified Multi-Label Query Using Primary and Per-adapter Domain NamesUnqualified Single-Label Query Scenarios Name Resolution ScenariosNegative Caching Fully-Qualified Query ScenariosMicrosoft Implementation of Negative Caching DNS Server List ManagementAdministrative Tools WMI Support for DNS Server AdministrationDNS Manager Interoperability Issues Using Wins and Winsr RecordsUsing UTF-8 Characters Format DNS Server Performance Receiving Non-RFC Compliant DataUtilization Hardware components Sizing Server Capacity PlanningChoosing Names Internet Access ConsiderationsWindows 2000 White Paper Windows 2000 White Paper Windows 2000 White Paper VPN Com Yyy.com Zzz.com Windows 2000 White Paper Primary Zone YYY corporation ZZZ corporation VPN Firewall Computer Names Characters in NamesPer-Adapter Naming Full computer nameIntegrating ADS with Existing DNS Structure Domain name and sites. Active Directory domain name DNS Migration to Windows 2000 DNSPartitioning, and Replication Choosing your Zones Deploying DNS to Support Active DirectoryWins Referral Using Automatic ConfigurationIxfr Ixfr For More InformationWindows 2000 White Paper
Top Page Image Contents