When a DC is promoted to a domain, the default resource records are populated in the netlogon.dns file in the system root directory. These records look something like this: The first record is for domain itself and lists the name of the domain, the type of the record, the IP address and the weight. Each DC attempts to register an A record for its IP address for the domain it is in similar to the preceding record. This is an alias or canonical name (CNAME) record. The record is comprised of the GUID for the server, which is an alias for the server itself. Then there is a record for the canonical name (CNAME) DCs use this record if they know the GUID of a server and want to determine its IP address. If the dc is a Global catalog server, there is another A record. The remaining records are of type SRV which specifies the location of servers that should be used for specific protocols. These records allow you to remap the port numbers for individual protocols or the priority in which certain servers are used.
Sites that do not have domain controller located within the site can be covered by others that have site links defined. This is called automatic site coverage. The DC adds site specific records for a site to cover, so that the DC can handle queries for clients in that site. To see a list of sites for a particular DC, the NLTest command can be run. The automatic site coverage can be toggled on or off with a registry value on the domain controllers.
These records can be queried for information such as:
all the global catalogs in a forest or particular site
all Kerberos servers in a domain or a particular site
all domain controllers in a domain or a particular site
the PDC emulator for a domain.
For domain controllers that should be dedicated to an application like Microsoft Exchange and do not publish any records, there are two options for configuration of the SRV record : the DnsAvoidRegisterRecords registry entry can be used or the NetLogon system settings in the administrative templates of the group policy can be applied to the domain controllers.
Sites that do not have domain controller located within the site can be covered by others that have site links defined. This is called automatic site coverage. The DC adds site specific records for a site to cover, so that the DC can handle queries for clients in that site. To see a list of sites for a particular DC, the NLTest command can be run. The automatic site coverage can be toggled on or off with a registry value on the domain controllers.
These records can be queried for information such as:
all the global catalogs in a forest or particular site
all Kerberos servers in a domain or a particular site
all domain controllers in a domain or a particular site
the PDC emulator for a domain.
For domain controllers that should be dedicated to an application like Microsoft Exchange and do not publish any records, there are two options for configuration of the SRV record : the DnsAvoidRegisterRecords registry entry can be used or the NetLogon system settings in the administrative templates of the group policy can be applied to the domain controllers.
No comments:
Post a Comment