Microsoft windows 2000 DNS Server User Manual


 
The description of the Windows NT 4 Compatible Domain Locator has been
omitted, since it is irrelevant to DNS and is described in “Windows 2000 Domain
Controller Locator”.
IP/DNS Compatible Locator
The algorithm behind the IP/DNS Compatible Locator consists of two main parts.
First, the domain's DC(s) must be registered with a DNS server. Second, the locator
must submit a DNS query to the DNS server to locate a DC in the specified domain.
After this query is resolved, an LDAP User Datagram Protocol (UDP) lookup is sent
to one or more of the DCs listed in the DNS response to confirm that they are
available. Finally, the NetLogon service caches the discovered DC so that future
requests can be resolved without repeating the lookup. This algorithm is described
in detail below.
DNS Record Registration and Resolver Requirements
A Windows 2000 domain is represented by a DNS domain name (for example,
nt.microsoft.com.). Each domain controller registers its address with DNS using
standard DNS dynamic update. In addition to registering its host name (A record),
the domain controller registers pseudonyms (SRV or CNAME records) that let a client
find a DC by predictable criteria (for example, a DC in a particular site). If
multiple DCs satisfy the same criteria, there are multiple records under the same
pseudonym, and a client looking for a DC with those criteria receives all the
applicable records from the DNS server. Because the locator trusts whatever hosts
these records name, the zone holding them should accept only secure (authenticated)
dynamic updates; otherwise any host able to update the zone could register itself
under a DC pseudonym.
For example, a DC named phoenix in the domain nt.microsoft.com. with an IP
address of 157.55.81.157 would register the following records with DNS:
phoenix.nt.microsoft.com. A 157.55.81.157
_ldap._tcp.nt.microsoft.com. SRV 0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.nt.microsoft.com. SRV 0 0 88 phoenix.nt.microsoft.com.
_ldap._tcp.dc._msdcs.nt.microsoft.com. SRV 0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.dc._msdcs.nt.microsoft.com. SRV 0 0 88 phoenix.nt.microsoft.com.
With these records in place (and similar records registered by all the other DCs in
the same domain), a single SRV lookup of "_ldap._tcp.dc._msdcs.nt.microsoft.com."
returns the names (and, when the server adds the matching A records, the addresses)
of all the DCs in the domain.
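The two client-side steps described above (query the SRV set for the domain, then pick a DC from whatever the server returns), as an added worked example in Python. This is illustrative code written for this page, not Microsoft's locator or any part of NetLogon. It builds the SRV query for _ldap._tcp.dc._msdcs.nt.microsoft.com. in DNS wire format, parses a reply that is constructed in the script (phoenix is the paper's DC; the names tucson, backup and the priority-10 entry are made up for the example), and selects a target the way an SRV client does per RFC 2782: lowest priority first, then weighted at random. The LDAP UDP availability check and the NetLogon cache that follow in the real locator are not simulated.

```python
import random
import struct

SRV, IN = 33, 1   # RR type SRV, class IN


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode() for x in labels) + b"\x00"


def build_srv_query(name: str, txid: int = 0x1234) -> bytes:
    """Standard query (RD set) with one question of type SRV."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", SRV, IN)


def decode_name(pkt: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2           # the name ends after its first pointer
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode())
        off += n
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_srv_answers(pkt: bytes):
    """Return [(priority, weight, port, target)] from the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                 # skip the echoed question(s)
        _, off = decode_name(pkt, off)
        off += 4
    out = []
    for _ in range(an):
        _, off = decode_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == SRV and rclass == IN:
            pri, wt, port = struct.unpack("!HHH", pkt[off:off + 6])
            target, _ = decode_name(pkt, off + 6)
            out.append((pri, wt, port, target))
        off += rdlen
    return out


def choose_dc(records, rng=random):
    """RFC 2782 order: lowest priority wins; ties are broken by weight at random
    (simplified: weight-0 records are only eligible when every weight is 0)."""
    best = min(r[0] for r in records)
    pool = [r for r in records if r[0] == best]
    total = sum(r[1] for r in pool)
    if total == 0:
        return rng.choice(pool)
    pick = rng.randrange(total)
    for r in pool:
        pick -= r[1]
        if pick < 0:
            return r


def build_srv_response(query: bytes, rrs, ttl: int = 600) -> bytes:
    """Constructed server reply (test data, not a capture): echoes the
    question and writes each answer's owner name as a pointer to it."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rrs), 0, 0)
    body = b""
    for pri, wt, port, target in rrs:
        rdata = struct.pack("!HHH", pri, wt, port) + encode_name(target)
        body += b"\xC0\x0C" + struct.pack("!HHIH", SRV, IN, ttl, len(rdata)) + rdata
    return header + query[12:] + body


def locate_dc(reply: bytes):
    """Step two of the locator: pick (host, port) from the SRV answer set.
    The LDAP UDP availability ping that follows is not simulated here."""
    srv = parse_srv_answers(reply)
    if not srv:
        return None
    _pri, _wt, port, target = choose_dc(srv)
    return target, port


if __name__ == "__main__":
    # phoenix is from the paper; tucson and the priority-10 backup are made up.
    query = build_srv_query("_ldap._tcp.dc._msdcs.nt.microsoft.com.")
    reply = build_srv_response(query, [
        (0, 0, 389, "phoenix.nt.microsoft.com."),
        (0, 0, 389, "tucson.nt.microsoft.com."),
        (10, 0, 389, "backup.nt.microsoft.com."),
    ])
    print(parse_srv_answers(reply))
    print(locate_dc(reply))
```

Because all of the paper's records carry priority 0 and weight 0, the selection step reduces to a uniform random choice among the DCs, which is what spreads client logons across them; the priority-10 entry in the constructed reply is only ever chosen when no priority-0 DC is present in the answer set.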
The NetLogon service on each Windows 2000 DC registers one or more of the
following DNS SRV records with DNS server(s) as appropriate. The list below
defines the name associated with the registered record, describes the lookup
criteria supported by that record, and defines checks performed by NetLogon as
each record is registered.
Netlogon registers the following DNS SRV records as appropriate:
_ldap._tcp.<DnsDomainName>.
Allows a client to find an LDAP server in the domain named by <DnsDomainName>.
For example, _ldap._tcp.nt.microsoft.com. The LDAP server is not necessarily a
DC. All Windows NT Domain controllers will register this name.
Windows 2000 White Paper
31