After you initialize KDC in VMware Identity Manager, you must create public DNS records to allow the Kerberos clients to find the KDC when the built-in Kerberos authentication feature is enabled.
The KDC realm name is used as part of the DNS name for the VMware Identity Manager appliance entries that are used to discover the KDC service. Each VMware Identity Manager site requires one SRV DNS record and two A address entries.
The AAAA entry value is an IPv6 address that encodes an IPv4 address. If the KDC is not addressable via IPv6 and an IPv4 address is used, the AAAA entry might have to be specified in strict IPv6 notation, such as ::ffff:175c:e147, on the DNS server. You can use an IPv4 to IPv6 conversion tool, such as the one available from Neustar UltraTools, to convert an IPv4 address to IPv6 address notation.
DNS Record Entries for KDC
In this example DNS record, the realm is EXAMPLE.COM; the VMware Identity Manager fully qualified domain name is idm.example.com, and the VMware Identity Manager IP address
idm.example.com. 1800 IN AAAA ::ffff:22.214.171.124
idm.example.com. 1800 IN A 126.96.36.199
_kerberos._tcp.EXAMPLE.COM IN SRV 10 0 88 idm.example.com.
_kerberos._udp.EXAMPLE.COM IN SRV 10 0 88 idm.example.com.
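
The following Python sketch is an added example, not VMware code. It converts an IPv4 address to the strict IPv4-mapped IPv6 notation described above, builds the four records in the layout shown, and checks a record set for consistency (AAAA maps to the same address as A, both SRV records point to port 88 on a host with an A record). The function names are hypothetical and 192.0.2.10 is a constructed sample address.

```python
import ipaddress

def to_mapped_strict(ipv4):
    """IPv4 -> IPv4-mapped IPv6 in strict hex notation (::ffff:hhhh:hhhh)."""
    n = int(ipaddress.IPv4Address(ipv4))
    return f"::ffff:{n >> 16:x}:{n & 0xffff:x}"

def from_mapped(aaaa):
    """Decode an IPv4-mapped AAAA value (hex or dotted form) to IPv4, else None."""
    v4 = ipaddress.IPv6Address(aaaa).ipv4_mapped
    return str(v4) if v4 is not None else None

def kdc_records(realm, fqdn, ipv4, ttl=1800):
    """Build the four records in the layout of the page's example."""
    host = fqdn.rstrip(".") + "."
    srv = [f"_kerberos._{p}.{realm.upper()} IN SRV 10 0 88 {host}" for p in ("tcp", "udp")]
    return [f"{host} {ttl} IN AAAA {to_mapped_strict(ipv4)}",
            f"{host} {ttl} IN A {ipv4}"] + srv

def check_records(lines, realm):
    """Return the problems found in a KDC record set (empty list = consistent)."""
    a, aaaa, srv = {}, {}, {}
    for line in lines:
        f = line.split()
        if "IN" not in f:
            continue
        name, i = f[0].lower().rstrip("."), f.index("IN")
        rtype, rdata = f[i + 1], f[i + 2:]
        if rtype == "A":
            a[name] = rdata[0]
        elif rtype == "AAAA":
            aaaa[name] = rdata[0]
        elif rtype == "SRV":  # rdata: priority weight port target
            srv[name] = (int(rdata[2]), rdata[3].lower().rstrip("."))
    problems = []
    for proto in ("tcp", "udp"):
        owner = f"_kerberos._{proto}.{realm.lower()}"
        port, target = srv.get(owner, (None, None))
        if target is None:
            problems.append(f"missing SRV {owner}")
        elif port != 88 or target not in a:
            problems.append(f"{owner}: want port 88 and a target with an A record")
    for host, v6 in aaaa.items():
        v4 = from_mapped(v6)
        if v4 is None or v4 != a.get(host):
            problems.append(f"{host}: AAAA {v6} does not map to A {a.get(host)}")
    return problems

if __name__ == "__main__":
    # 192.0.2.10 is a constructed sample (RFC 5737 documentation range).
    recs = kdc_records("EXAMPLE.COM", "idm.example.com", "192.0.2.10")
    print("\n".join(recs), check_records(recs, "EXAMPLE.COM"), sep="\n")
```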