Dynamic Domain Controller registration - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.4.0

Without the proper DNS information, a client can't discover which server to contact for authentication. Each DC registers and maintains its own AD DNS integration records consisting of several A (Host), CNAME (Alias), and SRV (Service) records. These records are initially registered by the DC's NetLogon service.



When examining the various DNS resource records in the Microsoft DNS server, you may think that this data must reside in sub zones of the parent domain due to the way the data is structured. This isn't necessarily the case, because DDNS updates have no way of creating additional zones. The records are simply added as resource records with label separators (".") into the parent domain’s zone file. Notice that some record names contain underscore ("_") characters. This is common practice in Microsoft development tools and was borrowed for the DNS naming technique for AD. The following table lists the naming conventions used in the records:
DNS Label Description
_ldap LDAP service
_tcp Service uses TCP connections
udp Service uses UDP connections
_kerberos Record contains information about a Kerberos Key Distribution Center (KDC)
_msdcs Service is running on a Domain Controller
_kpasswd Kerberos Password Change service
_gc Global Catalog service
_sites Record contains information a specific site
dc Domain Controller (DC)
gc Global Catalog (GC)
A registered DNS record can contain one or more of the above names to describe a service that can be queried. For example, the following record locates an LDAP service on server1.bluecatnetworks.com in the bluecatnetworks.com:
_ldap._tcp.bluecatnetworks.com SRV 0 0 389 server1.bluecatnetworks.com
This is an alternative form of this record showing that the LDAP service is on a DC:
_ldap._tcp.dc._msdcs.bluecatnetworks.com SRV 0 0 389 server1.bluecatnetworks.com

For a detailed list of these records, refer to Active Directory DNS records.