Correct DNS

04/02/2004 - 10:10 by Jose
Hello, could someone send me a pointer to a
document that correctly explains how DNS works in
Windows 2000 or 2003, and which records are
created or have to be created right after bringing up Active
Directory on a network?

There is a lot of information, but depending on where I look
I understand it one way or another.

Many thanks for your help.
 


#1 Javier Inglés [MS MVP]
04/02/2004 - 10:26
AD records in W2K:

Netlogon registers the following DNS SRV records as
appropriate:
_ldap._tcp.<DnsDomainName>.
Allows a client to find an LDAP server in the domain named
by <DnsDomainName>. For example,
_ldap._tcp.nt.microsoft.com. The LDAP server is not
necessarily a DC. All Windows NT Domain controllers will
register this name.
_ldap._tcp.<SiteName>._sites.<DnsDomainName>.
Allows a client to find an LDAP server in the domain named
by <DnsDomainName> and is in the site named by <SiteName>.
For example, _ldap._tcp.redmond._sites.nt.microsoft.com.
All Windows NT Domain controllers will register this name.
_ldap._tcp.dc._msdcs.<DnsDomainName>
Allows a client to find a DC of the domain named by
<DnsDomainName>. All Windows NT Domain controllers will
register this name.
_ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>
Allows a client to find a DC of the domain named by
<DnsDomainName> and is in the site named by <SiteName>.
All Windows NT Domain controllers will register this name.
_ldap._tcp.pdc._msdcs.<DnsDomainName>.
Allows a client to find the primary DC (PDC) of the domain
named by <DnsDomainName>. Only the PDC of the domain
registers this name. The PDC is responsible for
deregistering any other registrations of this name.
_ldap._tcp.gc._msdcs.<DnsForestName>.
Allows a client to find a Global Catalog (GC) server for
this domain. Only a DC serving the GC of the forest named
by <DnsForestName> registers this name. For example,
_ldap._tcp.gc._msdcs.microsoft.com.
_ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>.
Allows a client to find a Global Catalog (GC) server for
this domain and is in the site named by <SiteName>. Only a
DC serving the GC of the forest named by <DnsForestName>
registers this name. For example,
_ldap._tcp.redmond._sites.gc._msdcs.microsoft.com.
_gc._tcp.<DnsForestName>.
Allows a client to find a Global Catalog (GC) server for
this domain. Only an LDAP server serving the GC of the
forest named by <DnsForestName> registers this name. For
example, _gc._tcp.microsoft.com. The LDAP server is not
necessarily a DC.
_gc._tcp.<SiteName>._sites.<DnsForestName>.
Allows a client to find a Global Catalog (GC) server for
this domain and is in the site named by <SiteName>. Only
an LDAP server serving the GC of the forest named by
<DnsForestName> registers this name. For example,
_gc._tcp.redmond._sites.microsoft.com. The LDAP server is
not necessarily a DC.
_ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>.
Allows a client to find a DC in a domain with a GUID of
<DomainGuid>. This operation will only be done if the
<DnsDomainName> of the domain has changed and the
<DnsForestName> is known. This operation is expected to be
infrequent. This operation will only function if the Dns
Forest Name has not also been renamed. For example,
_ldap._tcp.4f904480-7c78-11cf-b057-00aa006b4f8f.domains._msdcs.microsoft.com.
All Windows NT Domain controllers will register this name.
_kerberos._tcp.<DnsDomainName>
Allows a client to locate a Kerberos Key Distribution
Center (KDC) for the domain. All DCs providing the
Kerberos service will register this name. This service is
at least an RFC-1510 compliant Kerberos 5 KDC. The KDC is
not necessarily a DC. All Windows NT Domain controllers
running the Kerberos KDC service will register this name.
_kerberos._udp.<DnsDomainName>
Same as _kerberos._tcp.<DnsDomainName> except the UDP is
implied.
_kerberos._tcp.<SiteName>._sites.<DnsDomainName>
Allows a client to locate a Kerberos KDC for the domain
named by <DnsDomainName> and is in the site named by
<SiteName>. This service is at least an RFC-1510 compliant
Kerberos 5 KDC. The KDC is not necessarily a DC. All
Windows NT Domain controllers running the Kerberos Key
Distribution Center service will register this name.
_kerberos._tcp.dc._msdcs.<DnsDomainName>
Allows a client to find a DC running a Kerberos KDC for
the domain named by <DnsDomainName>. All Windows NT Domain
controllers running the Kerberos Key Distribution Center
service will register this name.
_kerberos._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>
Allows a client to find a DC running a Kerberos KDC for
the domain named by <DnsDomainName> and is in the site
named by <SiteName>. All Windows NT Domain controllers and
running the Kerberos Key Distribution Center service
_kpasswd._tcp.<DnsDomainName>
Allows a client to locate a Kerberos Password Change
server for the domain. All servers providing the Kerberos
Password Change service will register this name. This
server at least conforms to
draft-ietf-cat-kerb-chg-password-02.txt. The server is not
necessarily a DC. All
Windows NT Domain controllers running the Kerberos Key
Distribution Center service will register this name.
_kpasswd._udp.<DnsDomainName>
Same as _kpasswd._tcp.<DnsDomainName> except the UDP is
implied.
Netlogon registers the following DNS A records:
<DnsDomainName>.
Allows a client to find any DC in the domain via a normal
A record lookup. A name such as this will be returned to
the LDAP client via an LDAP referral.
gc._msdcs.<DnsForestName>
Allows a client to find any GC in the forest via a normal
A record lookup. A name such as this will be returned to
the LDAP client via an LDAP referral.
Netlogon registers the following DNS CNAME records:
<DsaGuid>._msdcs.<DnsForestName>
Allows a client to find any DC in the forest via a normal
A record lookup. The only information known about the DC
is the GUID of the MSFT-DSA object for the DC and the name
of the forest the DC is in. This name is used to ease the
ability to rename a DC.

In W2K3 the change is that the "_msdcs" zone is
created as a ForestDNSZone-type zone and is replicated to
all DCs to avoid the "island" problem that
occurred in Windows 2000.

Regards!!
Javier Inglés
MS MVP
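
An added example, not part of the original post: a check that compares zone data against the SRV and A names listed in the answer and reports the ones a domain controller has not registered. It assumes the zone data is available as text lines in "name TTL IN TYPE rdata" form; the domain `corp.example.test`, the site `Madrid` and the sample zone are constructed, and the GUID-based names are left out because they need the deployment's own GUIDs.

```python
# Added example: names follow the list in the answer above; the zone is constructed.

def expected_records(domain, forest, site, is_pdc=False, is_gc=False):
    """Return the (owner name, type) pairs one DC should have registered."""
    d, f, s = domain.lower(), forest.lower(), site.lower()
    a_names = [d]
    srv = [f"_ldap._tcp.{d}", f"_ldap._tcp.{s}._sites.{d}",
           f"_ldap._tcp.dc._msdcs.{d}", f"_ldap._tcp.{s}._sites.dc._msdcs.{d}",
           f"_kerberos._tcp.{d}", f"_kerberos._udp.{d}",
           f"_kerberos._tcp.{s}._sites.{d}", f"_kerberos._tcp.dc._msdcs.{d}",
           f"_kerberos._tcp.{s}._sites.dc._msdcs.{d}",
           f"_kpasswd._tcp.{d}", f"_kpasswd._udp.{d}"]
    if is_pdc:  # only the PDC registers this name
        srv.append(f"_ldap._tcp.pdc._msdcs.{d}")
    if is_gc:   # only servers holding the Global Catalog register these
        a_names.append(f"gc._msdcs.{f}")
        srv += [f"_ldap._tcp.gc._msdcs.{f}", f"_ldap._tcp.{s}._sites.gc._msdcs.{f}",
                f"_gc._tcp.{f}", f"_gc._tcp.{s}._sites.{f}"]
    return {(n, "SRV") for n in srv} | {(n, "A") for n in a_names}

def parse_zone(text):
    """Extract (owner name, type) pairs; blank, comment and malformed lines are skipped."""
    found = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        upper = [x.upper() for x in fields]
        i = upper.index("IN") if "IN" in upper else 0
        if 0 < i < len(fields) - 1:
            found.add((fields[0].rstrip(".").lower(), upper[i + 1]))
    return found

def missing_records(zone_text, domain, forest, site, **roles):
    """Expected names that the zone data does not contain, sorted."""
    return sorted(expected_records(domain, forest, site, **roles) - parse_zone(zone_text))

SAMPLE_ZONE = """\
; constructed sample for a PDC in site "Madrid" (not real data)
corp.example.test. 600 IN A 192.0.2.10
_ldap._tcp.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_ldap._tcp.madrid._sites.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_ldap._tcp.dc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_kerberos._tcp.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_kpasswd._tcp.corp.example.test. 600 IN SRV 0 100 464 dc1.corp.example.test.
"""

if __name__ == "__main__":
    dom = "corp.example.test"
    for name, rtype in missing_records(SAMPLE_ZONE, dom, dom, "Madrid", is_pdc=True):
        print(f"missing {rtype:3} {name}")
```
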
