Netgate Discussion Forum
Windows Domain SRV Entries

  • K
    keef
    last edited by Jun 15, 2009, 3:09 PM Jun 11, 2009, 10:41 AM

    Hi, I have a Windows Domain and need some help with the DNS entries and getting them into pfSense's tinydns server. I've Googled and searched the forums but haven't been able to find a post on how to set it up.

    So I've got my domain controller up and running and I've got the file C:\WINDOWS\system32\config\netlogin.dns and it contains the entries that I need to get into the DNS server.

    my.domain.com. 600 IN A 192.168.1.8
    _ldap._tcp.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    _ldap._tcp.Default-First-Site-Name._sites.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    _ldap._tcp.pdc._msdcs.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    _ldap._tcp.gc._msdcs.my.domain.com. 600 IN SRV 0 100 3268 dc.my.domain.com.
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.my.domain.com. 600 IN SRV 0 100 3268 dc.my.domain.com.
    _ldap._tcp.b87a2175-d8da-4b43-9a1f-f0683239d659.domains._msdcs.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    gc._msdcs.my.domain.com. 600 IN A 192.168.1.8
    afe2d0e8-2332-4856-81e6-63f4cec140e1._msdcs.my.domain.com. 600 IN CNAME dc.my.domain.com.
    _kerberos._tcp.dc._msdcs.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
    _ldap._tcp.dc._msdcs.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
    _kerberos._tcp.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
    _kerberos._tcp.Default-First-Site-Name._sites.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
    _gc._tcp.my.domain.com. 600 IN SRV 0 100 3268 dc.my.domain.com.
    _gc._tcp.Default-First-Site-Name._sites.my.domain.com. 600 IN SRV 0 100 3268 dc.my.domain.com.
    _kerberos._udp.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
    _kpasswd._tcp.my.domain.com. 600 IN SRV 0 100 464 dc.my.domain.com.
    _kpasswd._udp.my.domain.com. 600 IN SRV 0 100 464 dc.my.domain.com.

    From what I've read I just need to get these entries into the pfSense DNS server. I've entered the records but am not sure if they are meant to be TXT or RAW record types, or if there should be a . in the record names. This is what I entered:

    my.domain.com SOA ns1.my.domain.com
    my.domain.com A on 192.168.1.8  600
    dc.my.domain.com   A  on  192.168.1.8
    _ldap._tcp. my.domain.com TXT dc. my.domain.com 600
    _ldap._tcp.Default-First-Site-Name._sites. my.domain.com  TXT dc. my.domain.com  600  
    _ldap._tcp.pdc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _ldap._tcp.gc._msdcs. my.domain.com  TXT 600  dc. my.domain.com  
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _ldap._tcp.b87a2175-d8da-4b43-9a1f-f0683239d659.domains._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    gc._msdcs. my.domain.com  A 192.168.1.8  600  
    afe2d0e8-2332-4856-81e6-63f4cec140e1._msdcs. my.domain.com  CNAME dc. my.domain.com  600  
    _kerberos._tcp.dc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _ldap._tcp.dc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs. my.domain.com  TXT dc. my.domain.com  600  
    _kerberos._tcp. my.domain.com  TXT dc. my.domain.com  600  
    _kerberos._tcp.Default-First-Site-Name._sites. my.domain.com  TXT dc. my.domain.com  600  
    _gc._tcp. my.domain.com  TXT dc. my.domain.com  600  
    _gc._tcp.Default-First-Site-Name._sites. my.domain.com  TXT dc. my.domain.com  600  
    _kerberos._udp. my.domain.com  TXT dc. my.domain.com  600  
    _kpasswd._tcp. my.domain.com  TXT dc. my.domain.com  600  
    _kpasswd._udp. my.domain.com  TXT dc. my.domain.com  600

    Can someone help ?

    Thanks
    Keith

    • K
      keef
      last edited by Jun 15, 2009, 3:16 PM Jun 15, 2009, 3:09 PM

      Figured it out. Here's how:

      To register the SRV entries you need to use the RAW record type, but it needs to be in a specific format. So here's an example.

      Original entry from the domain controller is:
      _ldap._tcp.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.

      Use an SRV record creator such as the one at this site: http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder/
      Scroll down to the section "djbdns / tinydns SRV".

      You need to fill in the form, so for the example above we would use:

      Service:       _ldap._tcp.my.domain.com
      Priority:      0
      Weight:        100
      Port:          389
      Target:        dc.my.domain.com
      Time To Live:  600

      Then press "Build SRV Record" and a window pops up containing the raw string:

      :_ldap._tcp.my.domain.com:33:\000\000\000\144\001\205\002dc\002my\006domain\003com\000:600

      Now you just need to enter this into the pfSense TinyDNS server as a raw record, so:
      Record Name = _ldap._tcp.my.domain.com
      Record Type = raw
      Record Data = :_ldap._tcp.my.domain.com:33:\000\000\000\144\001\205\002dc\002my\006domain\003com\000:600

      Then that should be it done.

      If you have Windows boxes you can test it. Open a command prompt:
      nslookup
      set type=srv
      server "your dns servers ip"
      _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com

      Results in:

      _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com
      SRV service location:
                priority      = 0
                weight        = 100
                port          = 88
                svr hostname  = dc.my.domain.com

      Hope this helps someone.
      Keith
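
Added example, not part of the original posts and not pfSense or djbdns code: a small Python converter that does what the web form above does, building the tinydns raw (type 33) record from each SRV line of a netlogon.dns-style dump, so the records can be generated offline and reviewed before they are entered. It goes beyond the single record in the post by converting every SRV line; the function names and the sample text are assumptions made for the example.

```python
import re

# Constructed sample in the netlogon.dns layout quoted in the first post.
SAMPLE = """\
my.domain.com. 600 IN A 192.168.1.8
_ldap._tcp.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com.
_kerberos._tcp.my.domain.com. 600 IN SRV 0 100 88 dc.my.domain.com.
_gc._tcp.my.domain.com. 600 IN SRV 0 100 3268 dc.my.domain.com.
"""
SRV_LINE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def u16(value):
    """Big-endian 16-bit field, always written as two octal escapes."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("SRV field out of range: %d" % value)
    return "\\%03o\\%03o" % (value >> 8, value & 0xFF)

def wire_name(fqdn):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    out = []
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length in %r" % fqdn)
        out.append("\\%03o" % len(raw))
        # Letters, digits, '-' and '_' stay literal; anything else (':' and
        # '\\' included, which would break the record) becomes an octal escape.
        out.extend(chr(b) if chr(b).isalnum() or chr(b) in "-_"
                   else "\\%03o" % b for b in raw)
    return "".join(out) + "\\000"

def srv_to_tinydns(line):
    """Return the raw record for one SRV line, or None for other lines."""
    m = SRV_LINE.match(line.strip())
    if m is None:
        return None
    name, ttl, prio, weight, port, target = m.groups()
    rdata = u16(int(prio)) + u16(int(weight)) + u16(int(port)) + wire_name(target)
    return ":%s:33:%s:%s" % (name.rstrip("."), rdata, ttl)

def convert(text):
    """Convert every SRV line in a netlogon.dns-style dump."""
    return [r for r in map(srv_to_tinydns, text.splitlines()) if r]

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

The first SRV line produces the same string the post shows as Record Data; A and CNAME lines are skipped because they are entered as ordinary record types.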
