DNS file question (Win 2003 SP1)

  1. #1
    Senior Member
    Join Date
    Sep 2005
    Posts
    221

    DNS file question (Win 2003 SP1)

    Hi everyone -- I have a file in c:\windows\system32\dns\ which baffles me a bit.

    The file is domainname.dns (our internal domain), and here's the sample which gets me :

    @ 600 A 127.0.0.2
    @ 600 A 127.0.0.3
    @ 600 A 127.0.0.4
    @ MX 10 mailserver_goes_here.
    860d6822-eafb-4f2e-b10f-4c03c9e0f35a._msdcs 600 CNAME (domain controller).
    a75186f6-5714-4a2d-b639-b4cdd1e57f2a._msdcs 600 CNAME (domain controller 2).
    b322dc0e-9032-4c01-a377-c220566e7ee7._msdcs 600 CNAME (domain controller 3).
    b767c5a8-158a-4a2f-9889-d8dbceab2952._msdcs 600 CNAME (domain controller 4).
    bf7a48c7-607d-4e24-85c8-b42453e5e31b._msdcs 600 CNAME (domain controller 5).
    d9912b05-e40c-4def-aaf8-a2b1624f6a75._msdcs 600 CNAME (domain controller 6).
    _kerberos._tcp.active-directory-site-name._sites.dc._msdcs 600 SRV 0 100 88 (domain controller 0).


    Is that normal? Expected? A problem that needs to be cleared up?
    Definitions: Hacker vs. Cracker
    Gentoo Linux user, which probably says a lot about me..
    AGA member 14460 || KGS : Trevoke and games archived

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    The SRV record is used by clients to find the domain controller.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Sep 2005
    Posts
    221
    Okay -- what about the previous long lines that look like garbage?

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Not sure, haven't used Windows in a while, but they look like class or resource IDs to me. Perhaps some service that's running on the domain controller(s), or they could be used for trust relations, as they're CNAMEs for existing domain controllers...

    Edit: did some digging.. They're probably DSA_GUIDs..
    In the CNAME resource record (DSA_GUID._msdcs.ForestRootDNSDomainName), DSA_GUID is the GUID of the NTDS Settings object (also called the Directory System Agent (DSA) object) for the domain controller. ForestRootDNSDomainName is the DNS name of the forest where the domain controller is located. Destination domain controllers use the CNAME resource record to identify and locate their replication partners.
    Technet article:
    http://207.46.196.114/WindowsServer/...9f9971033.mspx
    Last edited by SirDice; February 9th, 2007 at 07:06 PM.

  5. #5
    Senior Member
    Join Date
    Sep 2005
    Posts
    221
    Ooh. Thanks.

  6. #6
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    This is a DNS zone database that is created when you create a primary forward lookup zone. It is used to resolve DNS names to IP addresses. An A record identifies the IP address associated with the host name. An MX record identifies the Mail Exchanger, a mail server installed within your domain. A CNAME record, or Canonical Name record, identifies an alias for the computer. That is, a host can have several aliases while its IP stays the same. The service record, or SRV, identifies domain controllers. That is needed for the domain client computer to identify the domain controller. The client will find that 'domain controller 0' is the domain controller for 'active-directory-site-name._sites.dc'. This example is a dummy file. Notice _kerberos at the beginning of the string. This indicates that the Kerberos service will be used to log the client on to the domain. And _tcp is the identifier for the protocol (that is, the TCP protocol) used to work with the specified service. The '600' values throughout this file represent the Time To Live (TTL) value for the record to stay active. The zero written right after SRV identifies the client priority in case there are multiple records, and it can actually vary from 0 to 65535. Then comes the weight, which allows load to be balanced by checking the record weight. And then we see port 88, used by Kerberos.
    (\__/)
    (='.'=)
    (")_(")
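
The record layout discussed in this thread (apex A/MX records, DSA GUID CNAMEs under _msdcs, and the Kerberos SRV record with priority, weight and port) can be parsed and sanity-checked as below. This is an added example, not code from any poster; the sample zone text is constructed, and the host names under example.test, the site label site1 and the function names are assumptions.

```python
import uuid

# Constructed sample in the layout quoted in post #1; the target host names
# (dc1.example.test. etc.) are placeholders, not values from the thread.
SAMPLE_ZONE = """\
@ 600 A 127.0.0.2
@ MX 10 mail.example.test.
860d6822-eafb-4f2e-b10f-4c03c9e0f35a._msdcs 600 CNAME dc1.example.test.
not-a-guid._msdcs 600 CNAME dc9.example.test.
_kerberos._tcp.site1._sites.dc._msdcs 600 SRV 0 100 88 dc1.example.test.
_kerberos._tcp.site1._sites.dc._msdcs 600 SRV 0 100 8088 dc2.example.test.
"""

def parse_record(line):
    """Split 'owner [ttl] [IN] type rdata...' into a dict (TTL is optional)."""
    tok = line.split()
    owner, rest = tok[0], tok[1:]
    ttl = int(rest.pop(0)) if rest[0].isdigit() else None
    if rest[0].upper() == "IN":
        rest.pop(0)
    rtype, rdata = rest[0].upper(), rest[1:]
    rec = {"owner": owner, "ttl": ttl, "type": rtype, "rdata": rdata}
    if rtype == "SRV":  # rdata order: priority weight port target
        prio, weight, port = map(int, rdata[:3])
        rec.update(priority=prio, weight=weight, port=port, target=rdata[3])
    return rec

def is_dsa_guid_alias(rec):
    """True for a CNAME whose first label is a GUID directly under _msdcs."""
    label, _, parent = rec["owner"].partition(".")
    if rec["type"] != "CNAME" or parent != "_msdcs":
        return False
    try:
        return str(uuid.UUID(label)) == label.lower()
    except ValueError:
        return False

def review(zone_text):
    """Return (line, note) pairs for records that deserve a second look."""
    notes = []
    for line in filter(str.strip, zone_text.splitlines()):
        rec = parse_record(line)
        if (rec["type"] == "CNAME" and rec["owner"].endswith("._msdcs")
                and not is_dsa_guid_alias(rec)):
            notes.append((line, "CNAME under _msdcs is not a DSA GUID"))
        if (rec["type"] == "SRV" and rec["owner"].startswith("_kerberos.")
                and rec["port"] != 88):
            notes.append((line, "Kerberos SRV not on port 88"))
    return notes
```

Calling `review(SAMPLE_ZONE)` returns the two constructed outliers: the non-GUID alias and the SRV record on port 8088.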
