Saturday, March 28, 2009

SRV DNS records

SRV DNS records were a topic I overlooked until recently. I found their value when I configured Active Directory and established a two-way trust between two forests. I also find them an important step in verifying that a new AD domain is working, and working as you expect. For example, I use nslookup from a workstation to verify that I can see the Active Directory services, and the site-specific domain controller services, such as LDAP, GC and Kerberos:
step 1. nslookup
step 2. set type=all (or set type=SRV)
step 3. query _ldap._tcp.<domain>, _gc._tcp.<domain>, or the site-specific names under _sites
The results from the DNS server matter, because they give the workstation the location-aware address resolution it needs for logon and user authentication (Kerberos and LDAP) and for directory searches (GC). A workstation can ping the domain controller and still fail to log on if these records are missing or stale, which is exactly the gap this lookup catches. The testing I did before was either to ping the domain name to test name resolution, or to jump straight to the logon process or a higher-layer application to troubleshoot. Now I won't miss this important step any more: I will do the SRV lookup right after the ping test.

http://support.microsoft.com/kb/816587

http://technet.microsoft.com/en-us/library/cc772774.aspx How DNS works, a complete guide

A domain controller named Phoenix in the domain contoso.com has an IP address of 157.55.81.157. It registers the following A records and SRV records with DNS:

phoenix.contoso.com A 157.55.81.157
_ldap._tcp.contoso.com SRV 0 0 389 phoenix.contoso.com
_kerberos._tcp.contoso.com SRV 0 0 88 phoenix.contoso.com
_ldap._tcp.dc._msdcs.contoso.com SRV 0 0 389 phoenix.contoso.com
_kerberos._tcp.dc._msdcs.contoso.com SRV 0 0 88 phoenix.contoso.com.

DNS Support for Active Directory Processes and Interactions
When a Windows Server 2003 member server is promoted to an Active Directory domain controller by installing Active Directory, the Net Logon service registers the DNS resource records necessary for network hosts and services to be able to locate the domain controller on the network. When network hosts and services attempt to perform an operation (such as joining a domain, for example) that requires an Active Directory domain controller, the Locator mechanism is used to locate the domain controller through DNS. The following table describes the processes and interactions involved in the registration and location of domain controllers in DNS.
Active Directory and DNS Processes and Interactions

Process or Interaction: Domain controller DNS name registration
Description: The Net Logon service registers DNS resource records on behalf of the Active Directory domain controller in the DNS zone with the same name as the Active Directory domain hosted by the domain controller.

Process or Interaction: DNS delegation, forwarders
Description: DNS delegation resource records are created in the zone that is a parent of the zone supporting the Active Directory domain. The delegation enables the DNS name of the domain controller to be resolved downward from the root of the DNS hierarchy. DNS forwarders are another DNS feature that enable domain controller location, and are commonly used for an Active Directory client in one domain to locate a domain controller in another domain.

Process or Interaction: DNS domain controller location
Description: Network hosts and services use the DNS Locator mechanism to locate domain controllers in the Active Directory forest.

Wikipedia has a complete article on SRV records, including how VoIP services and Exchange 2007 client auto-provisioning use them:
http://en.wikipedia.org/wiki/SRV_record
Another topic is the SRV records registered by Net Logon.
Below is an example of the netlogon.dns file that a domain controller writes to %SystemRoot%\System32\config\netlogon.dns:
biovail.local. 600 IN A 192.168.1.31
_ldap._tcp.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_ldap._tcp.e46b4812-0cb0-4846-a4d8-7492847575b7.domains._msdcs.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
11283ddd-c1d1-4b7e-b927-b6710b916654._msdcs.biovail.local. 600 IN CNAME server.biovail.local.
_kerberos._tcp.dc._msdcs.biovail.local. 600 IN SRV 0 100 88 server.biovail.local.
_ldap._tcp.dc._msdcs.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_kerberos._tcp.biovail.local. 600 IN SRV 0 100 88 server.biovail.local.
_kerberos._udp.biovail.local. 600 IN SRV 0 100 88 server.biovail.local.
_kpasswd._tcp.biovail.local. 600 IN SRV 0 100 464 server.biovail.local.
_kpasswd._udp.biovail.local. 600 IN SRV 0 100 464 server.biovail.local.
_ldap._tcp.ca1._sites.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_kerberos._tcp.ca1._sites.dc._msdcs.biovail.local. 600 IN SRV 0 100 88 server.biovail.local.
_ldap._tcp.ca1._sites.dc._msdcs.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_kerberos._tcp.ca1._sites.biovail.local. 600 IN SRV 0 100 88 server.biovail.local.
_ldap._tcp.gc._msdcs.biovail.local. 600 IN SRV 0 100 3268 server.biovail.local.
_ldap._tcp.ca1._sites.gc._msdcs.biovail.local. 600 IN SRV 0 100 3268 server.biovail.local.
gc._msdcs.biovail.local. 600 IN A 192.168.1.31
_gc._tcp.biovail.local. 600 IN SRV 0 100 3268 server.biovail.local.
_gc._tcp.ca1._sites.biovail.local. 600 IN SRV 0 100 3268 server.biovail.local.
_ldap._tcp.pdc._msdcs.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
DomainDnsZones.biovail.local. 600 IN A 192.168.1.31
_ldap._tcp.DomainDnsZones.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_ldap._tcp.ca1._sites.DomainDnsZones.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
ForestDnsZones.biovail.local. 600 IN A 192.168.1.31
_ldap._tcp.ForestDnsZones.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
_ldap._tcp.ca1._sites.ForestDnsZones.biovail.local. 600 IN SRV 0 100 389 server.biovail.local.
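As an added example (not part of the original post), here is a small Python audit that applies the nslookup checklist from the top of the post to a netlogon.dns-style dump like the one above instead of typing the queries by hand. It parses the SRV lines, checks that every Locator name a workstation needs (LDAP, Kerberos, kpasswd, the PDC emulator and, for a GC, the 3268 records) is present, advertises the right port and points at a host inside the domain, lists which AD sites have their own DC records, and orders targets the way RFC 2782 priority and weight dictate. The sample records are constructed for this example, modelled on the contoso.com records from the Microsoft KB above; the second DC tucson.contoso.com, the site names phx and tus, and the deliberately wrong port on one _kpasswd record are assumptions, not data from the post.

```python
"""Audit Locator SRV records from a netlogon.dns-style dump (added example, not
from the original post): presence, port and in-domain target of the names a
workstation's Locator queries, plus site coverage and RFC 2782 ordering."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    name: str      # owner name, lower-cased, no trailing dot
    ttl: int
    priority: int  # RFC 2782: lower priority is tried first
    weight: int    # RFC 2782: load share among equal priorities
    port: int
    target: str    # DC host name, lower-cased, no trailing dot

# Names (and well-known ports) every writable DC registers; {d} is the DNS domain.
REQUIRED_SERVICES = {
    "_ldap._tcp.dc._msdcs.{d}": 389, "_kerberos._tcp.dc._msdcs.{d}": 88,
    "_ldap._tcp.{d}": 389, "_kerberos._tcp.{d}": 88, "_kerberos._udp.{d}": 88,
    "_kpasswd._tcp.{d}": 464, "_kpasswd._udp.{d}": 464,
    "_ldap._tcp.pdc._msdcs.{d}": 389,  # registered by the PDC emulator only
}
GC_SERVICES = {"_gc._tcp.{d}": 3268, "_ldap._tcp.gc._msdcs.{d}": 3268}  # GC servers only

_SRV_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+(?P<prio>\d+)\s+"
                       r"(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$")

def _canon(name: str) -> str:
    return name.lower().rstrip(".")

def parse_netlogon_dns(text: str) -> list[SrvRecord]:
    """Return the SRV records in the dump; A and CNAME lines are skipped."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = _SRV_LINE.match(line)
        if m is None:
            if " IN SRV " in line:  # an SRV line we cannot parse: fail loudly
                raise ValueError(f"malformed SRV record: {line}")
            continue
        records.append(SrvRecord(_canon(m["name"]), int(m["ttl"]), int(m["prio"]),
                                 int(m["weight"]), int(m["port"]), _canon(m["target"])))
    return records

def audit_locator_records(records, domain: str, expect_gc: bool = True) -> list[str]:
    """Problems a client would hit: missing names, wrong ports, targets outside the domain."""
    domain = _canon(domain)
    by_name = defaultdict(list)
    for r in records:
        by_name[r.name].append(r)
    expected = {**REQUIRED_SERVICES, **(GC_SERVICES if expect_gc else {})}
    problems = []
    for template, port in expected.items():
        name = template.format(d=domain)
        if name not in by_name:
            problems.append(f"missing {name}")
        for r in by_name.get(name, []):
            if r.port != port:
                problems.append(f"{name} -> {r.target} advertises port {r.port}, expected {port}")
            if not r.target.endswith("." + domain):
                problems.append(f"{name} -> {r.target} is outside {domain}")
    return problems

def site_coverage(records, domain: str) -> dict[str, set[str]]:
    """Map each AD site to the DCs registering _ldap._tcp.<site>._sites.dc._msdcs.<domain>."""
    suffix = f"._sites.dc._msdcs.{_canon(domain)}"
    coverage = defaultdict(set)
    for r in records:
        if r.name.startswith("_ldap._tcp.") and r.name.endswith(suffix):
            coverage[r.name[len("_ldap._tcp."):-len(suffix)]].add(r.target)
    return dict(coverage)

def preferred_targets(records, name: str) -> list[str]:
    """Targets of one SRV name in RFC 2782 order: lowest priority, then highest weight."""
    rrs = [r for r in records if r.name == _canon(name)]
    return [r.target for r in sorted(rrs, key=lambda r: (r.priority, -r.weight, r.target))]

# Constructed sample modelled on the contoso.com records above. The second DC
# (tucson), the sites phx/tus and the wrong port on _kpasswd._udp are made up.
SAMPLE_NETLOGON_DNS = """\
contoso.com. 600 IN A 157.55.81.157
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 phoenix.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 phoenix.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 tucson.contoso.com.
_kerberos._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 phoenix.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 phoenix.contoso.com.
_kerberos._udp.contoso.com. 600 IN SRV 0 100 88 phoenix.contoso.com.
_kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 phoenix.contoso.com.
_kpasswd._udp.contoso.com. 600 IN SRV 0 100 88 phoenix.contoso.com.
_ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 phoenix.contoso.com.
_ldap._tcp.phx._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 phoenix.contoso.com.
_ldap._tcp.tus._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 tucson.contoso.com.
_gc._tcp.contoso.com. 600 IN SRV 0 100 3268 phoenix.contoso.com.
_ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 phoenix.contoso.com.
"""

if __name__ == "__main__":
    recs = parse_netlogon_dns(SAMPLE_NETLOGON_DNS)
    print(audit_locator_records(recs, "contoso.com"), site_coverage(recs, "contoso.com"))
```

Feed the real file in with parse_netlogon_dns(open(path).read()) and compare the result with what nslookup returns from a workstation in each site; a difference between the two means the registration never reached, or was changed on, the DNS server. The "outside the domain" check is the security-relevant one: a _kerberos or _ldap SRV record pointing at a foreign host would send the workstation's authentication traffic to that host.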
