I got curious enough to try this out to see if I can find a _kerberos lookup...
During the join I saw 4x queries for _ldap._tcp.dc._msdcs.<rootdomain> During the first boot and local domain user logon I saw 1x query for _ldap._tcp.<site>._sites.<domain> So I never saw it... Then I thought... Hmm maybe it shortcuts because it knows its own domain is a 2K or better domain and knows that kerberos will be there. Let me try a trusted domain user logon from the same forest. Bam! There is it.... 1x query for _kerberos._tcp.<site>._sites.dc._msdcs.<trusted child domain> 1x query for _ldap._tcp.<site>._sites.dc._msdcs.<trusted child domain> 1x query for _ldap._tcp.<site>._sites.<trusted child domain> joe -----Original Message----- From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED] Sent: Thursday, May 05, 2005 8:24 PM To: 'joe '; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] DNS vs. Hosts File Darren has written a great article on AD network interactions (http://www.windowsitpro.com/Article/ArticleID/37928/37928.html) Both _ldap and _kerberos are used during authentication #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 5/6/2005 2:12 AM Subject: RE: [ActiveDir] DNS vs. Hosts File I believe Jorge is correct. If I recall correctly, the last time I did a complete trace from boot to log on of a K3 Server the only SRV record looked up at any point in that process was the _ldap._tcp.<site>._sites.<domain> record. However, I can't count out that some caching from previous boots wasn't being used by the server when it started. The full proof way I guess of testing this would be to take a raw fresh box and trace it on startup through the join process and then reboot and log on to see if the kerberos record is ever queried. However, in all of the traces I have done, I don't think I ever recall seeing a query for the _kerberos records.... Does MS DNS have the capability to keep easy statistics on what records are queried and how often? joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, May 05, 2005 7:41 PM To: [email protected] Subject: Re: [ActiveDir] DNS vs. Hosts File I thought for auth purposes, it was _kerberos.tcp.<site>. etc,etc...? Am I wrong? Thanks -------------------------- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
