Microsoft Windows 2000 DNS Manual: DNS Record Registration and Resolver Requirements


The description of the Windows NT 4 Compatible Domain Locator has been omitted, since it is irrelevant to DNS and is described in “Windows 2000 Domain Controller Locator”.

IP/DNS Compatible Locator

The algorithm behind the IP/DNS Compatible Locator consists of two main parts. First, the domain DC(s) must be registered with a DNS server. Second, the locator must submit a DNS query to the DNS server to locate a DC in the specified domain. After this query is resolved, an LDAP User Datagram Protocol (UDP) lookup is sent to one or more of the DCs listed in the DNS response to confirm that they are available. Finally, the NetLogon service caches the discovered DC to speed up future requests. This algorithm is described in detail below.

DNS Record Registration and Resolver Requirements

A Windows 2000 domain is represented by a DNS domain name (for example, nt.microsoft.com.). Each domain controller registers its address with DNS using standard DNS dynamic update. In addition to registering its host name (A record), the domain controller registers pseudonym(s) (SRV or CNAME records) that help locate the DC based on predictable criteria (for example, the DC in a particular site). If multiple DCs satisfy the same criteria, there will be multiple records with the same pseudonym. A client looking for a DC with those criteria receives all the applicable records from the DNS server.

For example, a DC named phoenix in the domain nt.microsoft.com. with an IP address of 157.55.81.157 would register the following records with DNS:

phoenix.nt.microsoft.com.                    A    157.55.81.157
_ldap._tcp.nt.microsoft.com.                 SRV  0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.nt.microsoft.com.             SRV  0 0 88  phoenix.nt.microsoft.com.
_ldap._tcp.dc._msdcs.nt.microsoft.com.       SRV  0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.dc._msdcs.nt.microsoft.com.   SRV  0 0 88  phoenix.nt.microsoft.com.

With these records in place (and similar records by all the other DCs in the same domain), a simple DNS lookup of "_ldap._tcp.dc._msdcs.nt.microsoft.com." will return the names and addresses of all the DCs in the domain.
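The following is an added example, not code from the white paper or from Microsoft: a small offline model of the two-part locator algorithm described above (SRV query for _ldap._tcp.dc._msdcs.<DnsDomainName>, availability check of the returned DCs, and caching of the result). The zone data is constructed from the five records the text lists for the DC phoenix, plus a second, hypothetical DC "tucson" at 192.0.2.10 registered with a lower preference so that priority ordering has an effect. Candidates are ordered the way RFC 2782 defines SRV priority and weight, and the LDAP UDP ping is stood in for by a caller-supplied is_available() callback, since nothing here touches the network.

```python
"""Offline model of the Windows 2000 IP/DNS DC locator (added example, not Microsoft's code)."""
import random
from collections import defaultdict

# Constructed zone data: (owner, type, rdata). SRV rdata is "priority weight port target",
# as in the white paper's example for the DC "phoenix". The DC "tucson" is hypothetical.
ZONE = [
    ("phoenix.nt.microsoft.com.", "A", "157.55.81.157"),
    ("_ldap._tcp.nt.microsoft.com.", "SRV", "0 0 389 phoenix.nt.microsoft.com."),
    ("_kerberos._tcp.nt.microsoft.com.", "SRV", "0 0 88 phoenix.nt.microsoft.com."),
    ("_ldap._tcp.dc._msdcs.nt.microsoft.com.", "SRV", "0 0 389 phoenix.nt.microsoft.com."),
    ("_kerberos._tcp.dc._msdcs.nt.microsoft.com.", "SRV", "0 0 88 phoenix.nt.microsoft.com."),
    ("tucson.nt.microsoft.com.", "A", "192.0.2.10"),  # hypothetical second DC
    ("_ldap._tcp.dc._msdcs.nt.microsoft.com.", "SRV", "10 0 389 tucson.nt.microsoft.com."),
]


def lookup(zone, name, rtype):
    """Return every rdata string for (name, rtype): a DNS answer carries all matching records."""
    return [rdata for owner, t, rdata in zone if owner == name and t == rtype]


def parse_srv(rdata):
    """Split 'priority weight port target' into a dict of typed fields."""
    prio, weight, port, target = rdata.split()
    return {"priority": int(prio), "weight": int(weight), "port": int(port), "target": target}


def order_srv(records, rng=random):
    """Order SRV records per RFC 2782: lowest priority first, weighted random within a priority."""
    by_prio = defaultdict(list)
    for r in records:
        by_prio[r["priority"]].append(r)
    ordered = []
    for prio in sorted(by_prio):
        remaining = list(by_prio[prio])
        while remaining:
            # Zero-weight records go first so they are selected only when the random point is 0.
            remaining.sort(key=lambda r: r["weight"] != 0)
            total = sum(r["weight"] for r in remaining)
            point = rng.randint(0, total)
            running = 0
            for i, r in enumerate(remaining):
                running += r["weight"]
                if running >= point:
                    ordered.append(remaining.pop(i))
                    break
    return ordered


def locate_dc(zone, dns_domain, is_available, rng=random):
    """Part two of the locator: SRV query, order candidates, 'ping' each DC until one answers."""
    srv_name = f"_ldap._tcp.dc._msdcs.{dns_domain}"
    candidates = order_srv([parse_srv(r) for r in lookup(zone, srv_name, "SRV")], rng)
    for cand in candidates:
        for addr in lookup(zone, cand["target"], "A"):
            # is_available(addr, port) stands in for the LDAP UDP lookup the text describes.
            if is_available(addr, cand["port"]):
                return {"name": cand["target"], "address": addr, "port": cand["port"]}
    return None  # no registered DC answered


def locate_dc_cached(cache, zone, dns_domain, is_available, rng=random):
    """NetLogon-style cache: reuse a DC already discovered for this domain; never cache a miss."""
    if dns_domain not in cache:
        found = locate_dc(zone, dns_domain, is_available, rng)
        if found is None:
            return None
        cache[dns_domain] = found
    return cache[dns_domain]


if __name__ == "__main__":
    cache = {}
    dc = locate_dc_cached(cache, ZONE, "nt.microsoft.com.", lambda addr, port: True)
    print("located DC:", dc)
```

Because phoenix is registered at priority 0 and tucson at priority 10, the model always tries phoenix first and falls back to tucson only when phoenix does not answer the availability check; with several DCs at the same priority, the weighted step spreads clients across them.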

The NetLogon service on each Windows 2000 DC registers one or more of the following DNS SRV records with DNS server(s) as appropriate. The list below defines the name associated with the registered record, describes the lookup criteria supported by that record, and defines checks performed by NetLogon as each record is registered.

Netlogon registers the following DNS SRV records as appropriate:

_ldap._tcp.<DnsDomainName>.

Allows a client to find an LDAP server in the domain named by <DnsDomainName>. For example, _ldap._tcp.nt.microsoft.com. The LDAP server is not necessarily a DC. All Windows NT Domain controllers will register this name.

Windows 2000 White Paper

31
