DNS entries required to resolve AD forest


Guest

I need to access a domain controller for authentication from an application
that only allows me to configure the name space (i.e. dc=test,dc=com) as well
as logon credentials (i.e. domain\user). I don't have access to their DNS
servers. If I'm running MS DNS, what records do I manually need to add to
resolve to a domain controller? I do have the IP address to a domain
controller (and server name).
 

Kevin D. Goodknecht Sr. [MVP]

ttomes said:
I need to access a domain controller for authentication from an
application that only allows me to configure the name space (i.e.
dc=test,dc=com) as well as logon credentials (i.e. domain\user). I
don't have access to their DNS servers. If I'm running MS DNS, what
records do I manually need to add to resolve to a domain controller?
I do have the IP address to a domain controller (and server name).

I suggest you allow zone transfers to your DNS server from the domain zone,
then create a secondary of the AD domain zone. You could possibly manually
create the records, but there are quite a few records: a secondary zone would
take a few minutes to set up, while the records would take quite a bit longer
even if you had a list of them. The records you need are in the
%systemroot%\system32\config\Netlogon.dns file on the domain controller,
plus the A record for the DC's name.
 

Guest

Is this something that could be exported to me in a file or do I need
connectivity to do the zone transfer?
 

Kevin D. Goodknecht Sr. [MVP]

ttomes said:
Is this something that could be exported to me in a file or do I need
connectivity to do the zone transfer?

You need connectivity to and from the Primary DNS server on ports 53 UDP &
TCP for a zone transfer.
You could manually create the records in a primary zone, from the file noted
in my first response. However, you would have to manually update the records
on a continual basis, possibly several times an hour.
 

Kevin D. Goodknecht Sr. [MVP]

ttomes said:
If the IP of the server doesn't change, would anything need to be
updated manually?

Is the DC the only record that would need to be resolved?
 

Guest

Yes. I have an application running on a non-member server that only allows
the name space to be configured (dc=company,dc=com) as well as security
credentials (domain\username). I need to resolve that to a specific DC.
There are other DCs in the forest but I only have access to one or two of
them. The application actually does a DNS lookup for a DC and then does an
LDAP query. I have no control over how the application operates.
 

Guest

BTW - I forgot to add that a secondary zone transfer doesn't work well
because we are in different address spaces with all addresses using NAT. It
is a B to B type configuration.

Thank you very much for your help so far.
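Pulling together Kevin's advice (the needed records are in Netlogon.dns, plus the DC's A record) and the NAT constraint from the last post, here is an added example that is not part of the thread: a Python script that picks the DC-locator SRV records out of a constructed Netlogon.dns excerpt and emits dnscmd commands for a primary zone on the local MS DNS server, writing the DC's A record with the NAT-side address the application can actually reach. The domain test.com, host dc1 and all addresses are made-up placeholders.

```python
from typing import List, Tuple

# Constructed excerpt in the BIND-style format a DC writes to
# %systemroot%\system32\config\Netlogon.dns (names/addresses are made up).
NETLOGON_DNS = """\
test.com. 600 IN A 10.0.0.5
_ldap._tcp.test.com. 600 IN SRV 0 100 389 dc1.test.com.
_ldap._tcp.dc._msdcs.test.com. 600 IN SRV 0 100 389 dc1.test.com.
_ldap._tcp.pdc._msdcs.test.com. 600 IN SRV 0 100 389 dc1.test.com.
_ldap._tcp.gc._msdcs.test.com. 600 IN SRV 0 100 3268 dc1.test.com.
_kerberos._tcp.test.com. 600 IN SRV 0 100 88 dc1.test.com.
_kerberos._tcp.dc._msdcs.test.com. 600 IN SRV 0 100 88 dc1.test.com.
gc._msdcs.test.com. 600 IN A 10.0.0.5
"""

# Minimal SRV owner prefixes a DNS-based DC locator uses to find a DC for
# LDAP and Kerberos in the domain; the target's A record is added separately.
NEEDED_PREFIXES = ("_ldap._tcp.", "_ldap._tcp.dc._msdcs.",
                   "_kerberos._tcp.", "_kerberos._tcp.dc._msdcs.")


def parse_netlogon(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (owner without trailing dot, rrtype, rdata fields) per record line."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # blank or malformed line
        out.append((parts[0].rstrip("."), parts[3], parts[4:]))
    return out


def dnscmd_commands(records, zone: str, dc_host: str, reachable_ip: str,
                    ttl: int = 600) -> List[str]:
    """Build 'dnscmd /RecordAdd' lines for a primary copy of <zone>.

    Only the DC-locator SRV records are kept. The DC's A record is written
    with reachable_ip (the NAT-side address), not the address in Netlogon.dns.
    """
    cmds = []
    for owner, rrtype, rdata in records:
        if rrtype != "SRV" or not owner.endswith("." + zone):
            continue
        node = owner[: -len(zone) - 1]          # owner relative to the zone
        if node + "." not in NEEDED_PREFIXES:
            continue
        prio, weight, port, target = rdata
        cmds.append(f"dnscmd /RecordAdd {zone} {node} {ttl} SRV {prio} {weight} {port} {target}")
    short_host = dc_host.split(".")[0]          # A record for the SRV target host
    cmds.append(f"dnscmd /RecordAdd {zone} {short_host} {ttl} A {reachable_ip}")
    return cmds
```

If the DC's address changes on the NAT side, only the final A record needs to be re-issued; the SRV records point at the host name, not the address.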
 