Without the proper DNS information, a client can't discover which server to contact for authentication. Each DC registers and maintains its own AD DNS integration records consisting of several A (Host), CNAME (Alias), and SRV (Service) records. These records are initially registered by the DC's NetLogon service.
|Service uses TCP connections
|Service uses UDP connections
|Record contains information about a Kerberos Key Distribution Center (KDC)
|Service is running on a Domain Controller
|Kerberos Password Change service
|Global Catalog service
|Record contains information a specific site
|Domain Controller (DC)
|Global Catalog (GC)
_ldap._tcp.bluecatnetworks.com SRV 0 0 389 server1.bluecatnetworks.com
_ldap._tcp.dc._msdcs.bluecatnetworks.com SRV 0 0 389 server1.bluecatnetworks.com
For a detailed list of these records, refer to Active Directory DNS records.