
Will Windows clients use DNS to map hosts to specific Kerberos realms?

Specifically, do they use `_kerberos.host.example.com IN TXT OTHERREALM.COM` records?

84104

1 Answer


Windows clients only use SRV DNS records (and can fall back to NetBIOS-based discovery) to locate domain services, not TXT records.

I don't want to go into too much detail about realm trusts and interoperability between Windows clients, AD domain controllers, and non-Microsoft KDCs because you don't say what exactly you're trying to accomplish... but you can specify non-Microsoft KDCs in the registry of your Windows clients in `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\KdcNames = kdc.otherrealm.com`

Ryan Ries
  • I'm using Group Policy instead of the Registry. I was just hoping I could use DNS like I do on the Linux side. Just one more thing to keep track of. – 84104 Jun 13 '13 at 18:21
  • This absolutely does not answer the question. It was not about service but about mapping host names to Kerberos realms as in `krb5.conf` is done manually if `TXT` is not used. – Michael-O Mar 14 '16 at 08:33
  • What @Michael-O said. It's maybe a good answer except it's for the wrong question! I don't know why it was upvoted so much. – James Johnston May 16 '16 at 15:37
  • Alright well apparently I did not understand the question, and if the OP wants to unaccept this answer, I'll delete it. – Ryan Ries May 17 '16 at 02:19
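
For reference, the Linux-side lookup the question refers to, as an added example that is not part of the original thread: it walks the `_kerberos.<name>` TXT candidates from the host name up through its parent domains and returns the first realm found, which is the lookup the answer says Windows clients do not perform. Assumptions: the walk order is modeled on MIT krb5's documented `dns_lookup_realm` behaviour, the function names are hypothetical, and the zone data is constructed.

```python
"""Added example: host-to-realm mapping via _kerberos TXT records.

Assumption: lookup order modeled on MIT krb5's dns_lookup_realm walk.
"""

# Constructed sample zone (not real data): TXT owner name -> realm string.
SAMPLE_ZONE = {
    "_kerberos.host.example.com": "OTHERREALM.COM",
    # Parent-domain record: covers every host below it unless overridden.
    "_kerberos.example.com": "EXAMPLE.COM.",  # trailing dot, a common slip
}


def candidate_txt_names(hostname):
    """Yield the TXT names to query, most specific first."""
    labels = [p for p in hostname.lower().rstrip(".").split(".") if p]
    for i in range(len(labels)):
        yield "_kerberos." + ".".join(labels[i:])


def realm_for_host(hostname, lookup_txt):
    """Return (realm, matched_txt_name), or (None, None) if nothing matches.

    lookup_txt is any callable mapping a DNS name to a TXT string or None.
    Here it is a dict lookup; a real client would issue a resolver query.
    """
    for name in candidate_txt_names(hostname):
        value = lookup_txt(name)
        if value:
            # Realm names are case-sensitive: only trim whitespace and a
            # trailing dot, do not change case.
            return value.strip().rstrip("."), name
    return None, None


if __name__ == "__main__":
    hosts = ("host.example.com", "db1.corp.example.com", "www.unrelated.org")
    for host in hosts:
        realm, via = realm_for_host(host, SAMPLE_ZONE.get)
        print(f"{host:24} -> {realm} (via {via})")
```

Printing the matched TXT name alongside the realm shows which record actually governs a host, which helps when a parent-domain record unexpectedly applies to a subdomain.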