> For Active Directory cross-forest trusts to work, we need following records
> to be in place:
> _ldap._tcp.<DOMAIN>
> _kerberos._udp.<DOMAIN>
> _kerberos._tcp.<DOMAIN>
> _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.<DOMAIN>
> _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.<DOMAIN>
> _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.<DOMAIN>
> _ldap._tcp.dc._msdcs.<DOMAIN>
> _kerberos._udp.dc._msdcs.<DOMAIN>
> _kerberos._tcp.dc._msdcs.<DOMAIN>

I've checked with nslookup, and for the IPA subdomain csns.example.com, all the 
records are in place. For the parent example.com domain, though, the following 
four records are not found:


Do these need to be manually added to our DNS records? I've never had to 
manually add an SRV record before. If it matters, we are not using our domain 
controllers as our DNS servers -- we have separate, dedicated DNS servers in 
our environment.


David Guertin

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to