Hello everyone, "q" here. Now you are wondering what this q is, or who it is? Well, a dear friend of mine and manager back at Chrysler WHQ (2000-2008) used to call me Q, because my name starts with Q (Qasim) but the U after the Q is MIA, plus I always liked it when he called me q, sort of like the Q in Star Trek (many thanks B.) who has control of time and mass and everything else. So from now on, I will use q to quickly write my blog. Today, we will quickly cover DNS SRV records. Why, you ask? Well, when I visit customers (in a particular region), I notice that there is often no clear understanding of what the SRV resource records are, who creates them, why and when they are needed and, above all, which ones they are. So today we will learn about DNS SRV records briefly, aka quickly.
We all know that DNS provides hostname resolution and that this service is critical to Active Directory: it allows domain controllers as well as domain members to locate services in the domain. One of those services is client/user authentication. And since Active Directory is a distributed database, one domain controller needs to find another in order to replicate the changes it makes to its local copy of the AD database (NTDS.DIT). DNS provides a specific record type for such services: SRV, or Service Resource Records. An SRV record maps the name of a service to the server offering that service. Clients and domain controllers use these SRV records to find the authenticating domain controllers and replication partners, and from there the IP addresses of those hosts. I don't need to remind you that the DNS server must allow dynamic updates to the zone in which the domain controllers of a domain are to create their SRV records. Active Directory-integrated zones allow secure dynamic updates by default, and "secure" is the important word: with nonsecure updates enabled, any host on the network could register or overwrite these records and redirect clients to a domain controller of its choosing. If a DNS server does not support dynamic updates, or is configured NOT to allow them, domain controllers will not be able to register these SRV records automatically. We will discuss this some other time.
Once you promote a server to a domain controller using DCPROMO, a text file containing all the records the domain controller will register in DNS is created. This text file is %systemroot%\system32\config\NETLOGON.DNS. Whenever the domain controller starts, the NETLOGON service registers (or refreshes) these records in the primary zone held by the DNS server, so the SRV records are always registered dynamically with the DNS server. There are other ways to trigger the same registration, for instance stopping and starting the NETLOGON service manually, or running nltest /dsregdns.
So now, let's see what these records are and their function.
You can also use the NETLOGON.DNS file to import the records into non-Microsoft DNS servers that support SRV records but do not allow dynamic updates. At this point we will not discuss weight, priority or port numbers for these services; another qUICK explanation is required for that ;)
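The two practical questions from the paragraphs above are "did my DC actually register the records it should have?" and "how do I get them into a DNS server that will not take dynamic updates?". The script below is an added example (it is not part of the original post, nor a Microsoft tool): it parses a NETLOGON.DNS file in its native "owner TTL IN TYPE rdata" line format, checks that the SRV records every domain controller must register are present with the expected ports, and renders the records as a BIND-style zone fragment relative to $ORIGIN for pasting into a static zone file. The sample file content, the domain contoso.com, the host dc1 and the DSA GUID are all constructed for the example.

```python
"""Parse NETLOGON.DNS, check the required AD SRV records, and render a
static zone fragment.  Added example, not from the original post; the
sample file below is constructed (contoso.com, dc1, placeholder GUID)."""
from dataclasses import dataclass

# Constructed sample in NETLOGON.DNS line format: "owner TTL IN TYPE rdata".
SAMPLE_NETLOGON_DNS = """\
contoso.com. 600 IN A 10.0.0.10
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc1.contoso.com.
_kerberos._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc1.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 dc1.contoso.com.
_kerberos._udp.contoso.com. 600 IN SRV 0 100 88 dc1.contoso.com.
_kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 dc1.contoso.com.
_kpasswd._udp.contoso.com. 600 IN SRV 0 100 464 dc1.contoso.com.
gc._msdcs.contoso.com. 600 IN A 10.0.0.10
11111111-2222-3333-4444-555555555555._msdcs.contoso.com. 600 IN CNAME dc1.contoso.com.
"""

# SRV owners (relative to the domain) with the port each service listens on.
# Every DC registers the first seven; pdc and gc are registered only by the
# PDC emulator and by global catalog servers respectively.
REQUIRED_SRV = {
    "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp": 88,
    "_kerberos._udp": 88,
    "_kerberos._tcp.dc._msdcs": 88,
    "_kpasswd._tcp": 464,
    "_kpasswd._udp": 464,
    "_ldap._tcp.pdc._msdcs": 389,
    "_ldap._tcp.gc._msdcs": 3268,
}


@dataclass(frozen=True)
class Record:
    owner: str      # fully qualified, lower-cased, trailing dot kept
    ttl: int
    rtype: str
    rdata: tuple    # SRV: (priority, weight, port, target); others: raw fields


def parse_netlogon_dns(text: str) -> list:
    """Parse 'owner TTL IN TYPE rdata' lines; blank lines and ';' comments are skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN" or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: not a NETLOGON.DNS record: {raw!r}")
        owner, ttl, _cls, rtype, *rdata = fields
        rtype = rtype.upper()
        if rtype == "SRV":
            if len(rdata) != 4 or not all(f.isdigit() for f in rdata[:3]):
                raise ValueError(f"line {lineno}: malformed SRV rdata: {raw!r}")
            rdata = (int(rdata[0]), int(rdata[1]), int(rdata[2]), rdata[3].lower())
        else:
            rdata = tuple(rdata)
        records.append(Record(owner.lower(), int(ttl), rtype, rdata))
    return records


def check_required_srv(records: list, domain: str) -> dict:
    """Return {'missing': [...], 'bad_port': [...]} for the REQUIRED_SRV set.

    A DC whose records are missing is invisible to clients looking for an
    authenticating DC and to its replication partners.
    """
    domain = domain.lower().rstrip(".") + "."
    srv = {}
    for r in records:
        if r.rtype == "SRV":
            srv.setdefault(r.owner, []).append(r)
    missing, bad_port = [], []
    for prefix, port in REQUIRED_SRV.items():
        owner = f"{prefix}.{domain}"
        if owner not in srv:
            missing.append(owner)
        elif any(r.rdata[2] != port for r in srv[owner]):
            bad_port.append(owner)
    return {"missing": missing, "bad_port": bad_port}


def to_zone_fragment(records: list, zone: str) -> str:
    """Render the records relative to $ORIGIN <zone>. for a static zone file."""
    zone = zone.lower().rstrip(".") + "."
    suffix = "." + zone
    out = [f"$ORIGIN {zone}"]
    for r in records:
        if r.owner == zone:
            name = "@"
        elif r.owner.endswith(suffix):
            name = r.owner[: -len(suffix)]
        else:
            name = r.owner  # outside the zone: keep it absolute
        rdata = " ".join(str(f) for f in r.rdata)
        out.append(f"{name} {r.ttl} IN {r.rtype} {rdata}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    recs = parse_netlogon_dns(SAMPLE_NETLOGON_DNS)
    print(check_required_srv(recs, "contoso.com"))
    print(to_zone_fragment(recs, "contoso.com"))
```

To use it against a real file, read %systemroot%\system32\config\netlogon.dns from the DC into `parse_netlogon_dns` and pass your own domain name to `check_required_srv`; an empty `missing` list with an empty `bad_port` list is what you want to see. The check is deliberately file-based rather than querying a DNS server, so it tells you what the DC intends to register; comparing that with what the server actually answers is the next step.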
And a picture is worth a thousand words.
Think you meant the Q in Star Trek. ;-) Just saying..I love both too though.
updated - much appreciated. :)
Good to see these blogs. Can you do one on GNZ? I'd like to learn about this new type of zone in a mixed environment.
Q, hmmm, can you q our problems away? Happy to see you explaining some of the grey areas in AD.
Hi Q
Thanks in advance
I have Windows 2000 Advanced Server. I had a fully working setup, but suddenly my setup is having some issues:
"The DNS server for this DC does not support dynamic DNS. Add the DNS records from file %systemroot%\system32\config\netlogon.dns to the DNS server serving the domain referenced in that file."
If I want to put any system into the domain environment I get the error "DNS server is not available".
My DHCP also works fine. If I run IPCONFIG /all I get the full DNS plus gateway, so please help me.
Very informative article. Thanks a lot.
the SRV record for the PDC emulator (FSMO) role holder is _ldap._tcp.pdc._msdcs.<DNSDomainName> not _ldap._tcp.pdc._ms-dcs.<DNSDomainName>
But otherwise very nice article. thanks.