sunhux
asked on
Is domain controller = AD server = DNS server?
I need to permit firewall rules to domain controllers for MS AAG.
Is domain controller = AD server = DNS server? How do I find out
the domain controller from my SQL server that has joined the domain?
Below are the rules I'm trying to get permitted:
The following is the list of services and their ports used for Active Directory communication for SQL Server AlwaysOn:
· UDP port 88 for Kerberos authentication
· UDP and TCP port 135 for domain controllers-to-domain controller and client to domain controller operations.
· TCP port 139 and UDP port 138 for File Replication Service between domain controllers.
· UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.
· TCP and UDP port 445 for File Replication Service
· TCP and UDP port 464 for Kerberos Password Change
· TCP port 3268 and 3269 for Global Catalog from client to domain controller.
· TCP and UDP port 53 for DNS from client to domain controller and domain controller to domain controller.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The syntax should be "set type=rr" and not "type rr",
or you can directly use "nslookup -type=rr ..."
I do not have a Windows box around, but nslookup has decent built-in help.
ASKER
That syntax doesn't work on our Win2008 R2 (Std or Ent):
> set type=rr
unknown query type: rr
> type rr
*** Can't find address for server rr: Non-existent domain
> set type ?
Unrecognized command: set type ?
> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]search - use domain search list
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
type=X - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
querytype=X - same as type
ASKER
>a dns query of type RR for _ldap._tcp.dc._msdcs.Activ
What's the exact command to do the above? If it's nslookup, I can't get the
command right:
D:\>nslookup
Default Server: app.optus.com.au
Address: 192.168.1.254
> type RR
*** Can't find address for server RR: Non-existent domain
>
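Added example, not part of the original thread: run on the domain-joined SQL Server, this PowerShell lists the domain's controllers, issues the DC locator lookup with the SRV query type (one of the types shown in the nslookup help output above), and checks the TCP ports from the question against each controller. The helper name Test-TcpPort and the 2-second timeout are assumptions of this example; it uses only calls available in PowerShell 2.0 on Windows Server 2008 R2.

```powershell
# Added example (not from the thread). Run on the domain-joined SQL Server
# as a domain account. Compatible with PowerShell 2.0 (Windows Server 2008 R2).
Add-Type -AssemblyName System.DirectoryServices

# 1. Domain this computer is joined to, and every DC registered for it.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$name   = $domain.Name
$dcs    = @($domain.DomainControllers | ForEach-Object { $_.Name })
$domain.DomainControllers | Select-Object Name, IPAddress, SiteName | Format-Table -AutoSize

# 2. The DC this machine is using right now, then the same list from DNS.
#    DCs register SRV records under _ldap._tcp.dc._msdcs.<domain>.
nltest "/dsgetdc:$name"
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$name"

# 3. Hypothetical helper: TCP connect with a timeout, $true if the port answers.
function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 2000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# TCP ports taken from the list in the question. The UDP rules in that list
# cannot be confirmed with a connect test. 3268/3269 only answer on DCs that
# are global catalog servers, so "False" there can be expected.
$tcpPorts = 53, 135, 139, 445, 464, 3268, 3269
$results = foreach ($dc in $dcs) {
    foreach ($port in $tcpPorts) {
        New-Object PSObject -Property @{
            DomainController = $dc
            Port             = $port
            Open             = (Test-TcpPort $dc $port)
        }
    }
}
$results | Sort-Object DomainController, Port |
    Format-Table DomainController, Port, Open -AutoSize
```

Run it once before and once after the firewall change: a row that stays False after the change points at the rule for that controller and port.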