DNS Lookup for BDC

How can I locate a host that is an authority for a specific NT domain
name (or realm name)? This used to be done using a 0x1C WINS query for
the NT domain name but since WINS is deprecated I would like to know
how to lookup the BDC or PDC using DNS.

I know the KDC may be located using the realm in an SRV query for:

_kerberos._udp.dc._msdcs.<realm>

and I know Active Directory may be located using:

_ldap._tcp.dc._msdcs.<realm>

but is it always ok to query these machines for mundane SAM account
information?

Thanks,
Mike

.

Relevant Pages

  • Re: Splitting with Regular Expressions
    ... 072 urllib.FancyURLopener.prompt_user_passwd = lambda self, host, ... realm: ... in an extended display in which all the references to lines are ...
    (comp.lang.python)
  • Re: bug: krb5_get_host_realm() no longer uses DNS
    ... realm of the host. ... realm is best determined via referrals. ... The configuration parameter ... *and* DNS TXT rrs. ...
    (comp.protocols.kerberos)
  • Kerberos Newbie Application Man in the Middle Attack Possible?
    ... The linux host has been configured to use Kerberos to authenticate against the Windows DC (requirements: accurate time, Windows host FQDN, and REALM). ... This attack appears to work on Linux based KDC/AS too. ...
    (comp.protocols.kerberos)
  • Kerberos Newbie Application Attack using Man in the Middle?
    ... The linux host has been configured to use Kerberos to authenticate against the Windows DC (requirements: accurate time, Windows host FQDN, and REALM). ...
    (comp.protocols.kerberos)
  • Re: DNS Lookup for BDC
    ... I know the KDC may be located using the realm in an SRV query for: ... There is also the pdc SRV record that will indicate the current ...
    (microsoft.public.security)