Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



How to disable dynamic Kerberos SRV record or block dynamic updates

New Member
Posts: 1
1784     0

We have a Read Only Domain Controller in our domain used for LDAP integrations.  With the OS hardening that has been done, it does not support Kerberos authentications.  The primary Domain Controller auto updates the _kerberos SRV record hourly, so it is dynamically added back after we delete the record.  We have been unable to determine how to stop the auto updates from the DCs, so we are receiving a significant number of kerberos auth failures in our logs.


Is there a way to leave the SRV records in DNS, but set the record inactive or ignore/block the updates from the domain controller? 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You