Duplicate _kerberos._udp.domain SRV records

By PaTryptik

I'd like to know if you have ever seen this issue where duplicate SRV records are present in your private corporate DNS, but having a different Priority. This issue is infrequent as it appears to occur maybe about only once a year.

We have applications that are very dependent on that list of _kerberos SRV records and when a duplicate is present, Kerberos authentication will break immediately for the applications it serves.

It might not be an "issue" but a normal behavior under certain conditions, but I can't explain it and since the affected applications can't handle it, we are wondering why this is happening and how to prevent it.

We also noticed that duplicate _kpasswd records were present at the time of the issue, but they don't appear to affect the applications.

We have a single domain forest running 2003 without issues.

Thanks for any help you could provide about this strange problem.

See Link

by robo_dev In reply to Duplicate _kerberos._udp. ...

Hi robo_dev

by PaTryptik In reply to Duplicate _kerberos._udp. ...

Thanks. My environment is quite different though. I don't have any Windows 2000 Domain Controllers, only Windows 2003 DCs at the time this issue occurred. I now have a mix of 2003 and 2008 R2. Also, I don't have SRV records that disappear often, but duplicate _kerberos._udp records that appear extremely rarely (in the same zone but with a different Priority).

But even though I don't have any Windows 2000 DC, our AD-integrated DNS zones are all still stored in the DomainNC. Since we're using a single domain forest, am I wrong to say that it wouldn't change anything to store our zones either in ForestDnsZones or in DomainDnsZones?

Would this improve any aspect of our DNS infrastructure on a single domain forest?
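
A check for the condition described in this thread, as an added example that is not part of any post: it parses SRV records in zone-file/dig answer format and reports any target registered more than once under the same owner name, together with the priorities seen. The record format, the `corp.example` names and the function names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample in zone-file / dig answer format (not data from the thread).
SAMPLE = """\
_kerberos._udp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_kerberos._udp.corp.example. 600 IN SRV 0 100 88 dc2.corp.example.
_kerberos._udp.corp.example. 600 IN SRV 10 100 88 dc2.corp.example.
_kpasswd._udp.corp.example. 600 IN SRV 0 100 464 dc1.corp.example.
"""


def parse_srv(text):
    """Yield (owner, priority, weight, port, target) for each SRV line."""
    for line in text.splitlines():
        fields = line.split()
        if "SRV" not in fields:
            continue
        i = fields.index("SRV")
        if len(fields) < i + 5:
            continue  # truncated record, skip it
        prio, weight, port = (int(x) for x in fields[i + 1:i + 4])
        # DNS names are case-insensitive; drop the trailing root dot too.
        yield (fields[0].lower().rstrip("."), prio, weight, port,
               fields[i + 4].lower().rstrip("."))


def find_duplicates(text):
    """Return {(owner, port, target): sorted priorities} for every target
    that is registered more than once under the same owner name."""
    seen = defaultdict(list)
    for owner, prio, _weight, port, target in parse_srv(text):
        seen[(owner, port, target)].append(prio)
    return {key: sorted(prios) for key, prios in seen.items() if len(prios) > 1}


if __name__ == "__main__":
    for (owner, port, target), prios in find_duplicates(SAMPLE).items():
        print(f"{owner}: {target}:{port} listed {len(prios)}x, priorities {prios}")
```

Run on a schedule against an export of the zone, a non-empty result is the signal to alert on before dependent applications fail.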
