Active Directory DNS records - BlueCat Integrity

Active Directory DNS records - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale

English

Product name

BlueCat Integrity

Version

9.5.0

The following contains a list of Active Directory specific records that are registered by the NetLogon service. Each record is followed by an example of its usage.

SRV Records

_ldap._tcp.DomainName—SRV record that identifies an LDAP server in the domain named by DomainName. The LDAP server isn't necessarily a Domain Controller (DC). This record is registered by all DCs. For example:

_ldap._tcp.bluecatnetworks.com

_ldap._tcp.SiteName._sites.DomainName—Enables a client to find an LDAP server in the domain named by DomainName. This record is registered by all DCs. For example:

_ldap._tcp.richmondhill.bluecatnetworks.com

_ldap._tcp.dc._msdcs.DomainName—Used by clients to locate a Domain Controller (DC) in the domain named by DomainName. This record is registered by all DCs. For example:

_ldap._tcp.dc._msdcs.bluecatnetworks.com

_ldap._tcp.SiteName._sites.dc._msdcs.DomainName—Enables a client to locate a DC for the given site and domain named by SiteName and DomainName respectively. For example:

_ldap.tcp.richmondhill._sites.dc._msdcs.bluecatnetworks.com

_ldap._tcp.pdc._msdcs.DomainName—Enables a client to locate the Primary Domain Controller (PDC) for a domain named by DomainName. This record is registered only by the PDC of the domain. For example:

_ldap._tcp.pdc._mscdcs.bluecatnetworks.com

_ldap._tcp.gc._msdcs.DomainName—Enables a client to find the Global Catalog (GC) for the forest. Only the DC for the GC registers this record. For example:

_ldap._tcp.gc._msdcs.bluecatnetworks.com

_ldap._tcp.SiteName._sites.gc._msdcs.ForestName—Enables a client to find a GC for the forest named by ForestName. Only an LDAP server responsible for the GC registers this record. For example:

_ldap._tcp.richmondhill._sites.gc._msdcs.bluecatnetworks.com

_gc._tcp.ForestName—Enables a client to locate a GC for the forest named by ForestName. Only an LDAP server responsible for the GC registers this record. The LDAP server isn't necessarily a DC. For example:

_gc._tcp.bluecatnetworks.com

_gc._tcp.SiteName._sites.ForestName—Enables a client to find a GC for the site and forest named by SiteName and ForestName respectively. Only an LDAP server responsible for the GC registers this record. For example:

_gc._tcp.richmondhill._sites.bluecatnetworks.com

_ldap._tcp.DomainGuid.domains._msdcs.ForestName—Used by clients to find a DC given the domain GUID of DomainGuid in the forest named by ForestName. This lookup can used to resolve the DC if the domain name has changed. This record is used infrequently and doesn't work if the ForestName has been changed. For example:

_ldap._tcp.01693484-b5c4-4b31-8608-80e 77ccc78b8.domains._msdcs.
bluecatnetworks.com

_kerberos._tcp.DomainName—Enables a client to find a Kerberos Key Distribution Center (KDC) for the domain named by DomainName. This record is registered by all DCs providing the Kerberos service. This service is RFC-1510 compliant with Kerberos 5 KDC. The server isn't necessarily a DC. For example:

_kerberos._tcp.bluecatnetworks.com

_kerberos._udp.DomainName—Enables a client to find a Kerberos Key Distribution Center (KDC) for the domain named by DomainName. This record is registered by all DCs providing the Kerberos service. This service is RFC 1510 compliant with Kerberos 5 KDC. The server isn't necessarily a DC. This service supports UDP. For example:

_kerberos._tcp.bluecatnetworks.com

_kerberos._tcp.SiteName._sites.DomainName—Enables a client to locate a server running the Kerberos KDC for a site and domain named by SiteName and DomainName respectively. The server isn't necessarily a DC. For example:

_kerberos._tcp.richmondhill._sites.bluecatnetworks.com

_kerberos._tcp.SiteName._sites.dc._msdcs.DomainName—Used by clients to locate the DC running a Kerberos KDC for the site and domain named by SiteName and DomainName respectively. For example:

_kerberos._tcp.richmondhill._sites.dc._msdcs.bluecatnetworks.com

_kpasswd._tcp.DomainName—Enables a client to find a Kerberos Password Change Server for the domain named by DomainName. The server isn't necessarily a DC. All DCs running the Kerberos KDC register this record. For example:

_kpasswd._tcp.bluecatnetworks.com

_kpasswd._udp.DomainName—Enables a client to find a Kerberos Password Change Server for the domain named by DomainName. The server isn't necessarily a DC. All DCs running the Kerberos KDC register this record. For example:

_kpasswd._udp.bluecatnetworks.com

A records

ServerName.DomainName—The server name named by ServerName is registered in the domain named by DomainName. This record is used by referral lookups to SRV and CNAME records. For example:

dc1.bluecatnetworks.com

gc._msdcs.ForestName—Enables a client to find a GC for a given forest named by ForestName. This record is used by referral from SRV records. For example:

gc._msdcs.bluecatnetworks.com

CNAME records

DSAGuid._msdcs.ForestName—Enables a client to locate any DC in the forest named by ForestName by the GUID of the MSFT-DSA (Directory Services) object. For example:

01693484-b5c4-4b31-8608-80e77ccc78b8._msdcs.bluecatnetworks.com