The description of the Windows NT 4 Compatible Domain Locator has been omitted, since it is irrelevant to the DNS and is described in “Windows 2000 Domain Controller Locator

IP/DNS Compatible Locator

The algorithm behind the IP/DNS Compatible Locator consists of two main parts. First, the domain DC(s) must be registered with a DNS server. Second, the locator must submit a DNS query to the DNS server to locate a DC in the specified domain. After this query is resolved, an LDAP User Datagram Protocol (UDP) lookup is sent to one or more of the DCs listed in the DNS response to confirm that they are available. Finally, the NetLogon service caches the discovered DC to speed up future requests. This algorithm is described in detail below.

DNS Record Registration and Resolver Requirements

A Windows 2000 domain is represented by a DNS domain name (for example, nt.microsoft.com.). Each domain controller registers its address with DNS using the standard DNS dynamic update. In addition to registering its host name (A record), the domain controller registers pseudonym(s) (SRV or CNAME records) that help clients find the DC based on predictable criteria (for example, the DC in a particular site). If multiple DCs match the same criteria, there will be multiple records with the same pseudonym. A client looking for a DC matching those criteria receives all the applicable records from the DNS server.

For example, a DC named phoenix in the domain nt.microsoft.com. with an IP address of 157.55.81.157 would register the following records with DNS:

phoenix.nt.microsoft.com.                   A    157.55.81.157
_ldap._tcp.nt.microsoft.com.                SRV  0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.nt.microsoft.com.            SRV  0 0 88  phoenix.nt.microsoft.com.
_ldap._tcp.dc._msdcs.nt.microsoft.com.      SRV  0 0 389 phoenix.nt.microsoft.com.
_kerberos._tcp.dc._msdcs.nt.microsoft.com.  SRV  0 0 88  phoenix.nt.microsoft.com.

With these records in place (and similar records by all the other DCs in the same domain), a simple DNS lookup of "_ldap._tcp.dc._msdcs.nt.microsoft.com." will return the names and addresses of all the DCs in the domain.
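As an added illustration (this is not code from the white paper), the following Python builds the record set a DC registers, mirroring the phoenix example, and then performs the locator's first step (the _msdcs SRV lookup) against a constructed in-memory zone rather than a live DNS server. The priority/weight ordering of SRV answers follows RFC 2782 and is an assumption about client behaviour, not something the paper states.

```python
# Added example: DC DNS registration and the locator's SRV lookup step,
# run against a constructed in-memory zone (no network access needed).
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")


def dc_registration(dns_domain, host, ip, priority=0, weight=0):
    """Return the records a DC named `host` registers in `dns_domain`
    as (owner, type, rdata) tuples: one A record plus the four SRV
    records shown for phoenix above (_ldap/_kerberos, with and without
    the dc._msdcs prefix). `dns_domain` must be fully qualified."""
    fqdn = f"{host}.{dns_domain}"
    recs = [(fqdn, "A", ip)]
    for svc, port in (("_ldap", 389), ("_kerberos", 88)):
        for suffix in (dns_domain, f"dc._msdcs.{dns_domain}"):
            owner = f"{svc}._tcp.{suffix}"
            recs.append((owner, "SRV", SRV(priority, weight, port, fqdn)))
    return recs


def locate_dcs(zone, dns_domain):
    """Locator step 1: look up _ldap._tcp.dc._msdcs.<domain> and return
    candidate DCs as (host, port, ip), lowest priority first and, within
    a priority, highest weight first (RFC 2782). Step 2, the LDAP UDP
    availability ping, is not simulated here."""
    name = f"_ldap._tcp.dc._msdcs.{dns_domain}"
    srvs = [r for owner, typ, r in zone if owner == name and typ == "SRV"]
    srvs.sort(key=lambda s: (s.priority, -s.weight))
    addrs = {owner: r for owner, typ, r in zone if typ == "A"}
    return [(s.target, s.port, addrs.get(s.target)) for s in srvs]


if __name__ == "__main__":
    zone = dc_registration("nt.microsoft.com.", "phoenix", "157.55.81.157")
    # Constructed second DC with a lower preference (higher priority value).
    zone += dc_registration("nt.microsoft.com.", "tucson", "157.55.81.158",
                            priority=10)
    for rec in zone:
        print(rec)
    print(locate_dcs(zone, "nt.microsoft.com."))
```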

The NetLogon service on each Windows 2000 DC registers one or more of the following DNS SRV records with DNS server(s) as appropriate. The list below defines the name associated with the registered record, describes the lookup criteria supported by that record, and defines checks performed by NetLogon as each record is registered.

NetLogon registers the following DNS SRV records as appropriate:

_ldap._tcp.<DnsDomainName>.

Allows a client to find an LDAP server in the domain named by <DnsDomainName>. For example, _ldap._tcp.nt.microsoft.com. The LDAP server is not necessarily a DC. All Windows NT Domain controllers will register this name.

Windows 2000 White Paper

31
