The description of the Windows NT 4 Compatible Domain Locator has been omitted, since it is irrelevant to the DNS and is described in “Windows 2000 Domain Controller Locator
IP/DNS Compatible Locator
The algorithm behind the IP/DNS Compatible Locator consists of two main parts. First, the domain DC(s) must be registered with a DNS server. Second, the locator must submit a DNS query to the DNS server to locate a DC in the specified domain. After this query is resolved an LDAP User Datagram Protocol (UDP) lookup is sent to one or more of the DCs listed in the response to the DNS query to ensure their availability. Finally, the NetLogon service caches the discovered DC to aid in resolving future requests. Below this algorithm is described in detail.
DNS Record Registration and Resolver Requirements
A Windows 2000 domain is represented by a DNS domain name (for example, nt.microsoft.com.). Each domain controller registers its address with DNS using the standard DNS dynamic update. In addition to registering its host name (A record), the domain controller registers pseudonym(s) (SRV or CNAME records) that will help finding the DC based on predictable criteria (for example, the DC in a particular site). If multiple DCs have the same criteria, then there would be multiple records with the same pseudonym. A client looking for a DC with that criteria would receive all the applicable records from the DNS server.
For example, a DC named phoenix in the domain nt.microsoft.com. with an IP address of 157.55.81.157 would register the following records with DNS:
phoenix.nt.microsoft.com. A | 157.55.81.157 |
| |
_ldap._tcp.nt.microsoft.com. | SRV | 0 0 389 phoenix.nt.microsoft.com. | |
_kerberos._tcp.nt.microsoft.com. | SRV | 0 0 88 phoenix.nt.microsoft.com. | |
_ldap._tcp.dc._msdcs.nt.microsoft.com. SRV | 0 0 389 | ||
phoenix.nt.microsoft.com. |
|
|
|
_kerberos._tcp.dc._msdcs.nt.microsoft.com. SRV | 0 0 88 | ||
phoenix.nt.microsoft.com. |
|
|
|
With these records in place (and similar records by all the other DCs in the same domain), a simple DNS lookup of "_ldap._tcp.dc._msdcs.nt.microsoft.com." will return the names and addresses of all the DCs in the domain.
The NetLogon service on each Windows 2000 DC registers one or more of the following DNS SRV records with DNS server(s) as appropriate. The list below defines the name associated with the registered record, describes the lookup criteria supported by that record, and defines checks performed by NetLogon as each record is registered.
Netlogon registers the following DNS SRV records as appropriate:
_ldap._tcp.<DnsDomainName>.
Allows a client to find an LDAP server in the domain named by <DnsDomainName>. For example, _ldap._tcp.nt.microsoft.com. The LDAP server is not necessarily a DC. All Windows NT Domain controllers will register this name.
Windows 2000 White Paper
31
