6.3.6.1 DNS-Based Discovery


For DNS-based discovery, the client machine can issue the following DNS queries:

  • To locate an LDAP server hosting NC N, the client machine issues a DNS query for the SRV record _ldap._tcp.N, constructed from the NC name (N).

  • To locate an LDAP server hosting NC N in site Y, the client machine issues a DNS query for the SRV record _ldap._tcp.Y._sites.N, constructed from the NC name (N) and the site name (Y).

  • To locate a domain controller (DC) hosting NC N, the client machine issues a DNS query for the SRV record _ldap._tcp.dc._msdcs.N, constructed from the NC name (N).

  • To locate a DC hosting NC N in site Y, the client machine issues a DNS query for the SRV record _ldap._tcp.Y._sites.dc._msdcs.N, constructed from the NC name (N) and the site name (Y).

  • To locate a DC hosting default NC X whose GUID is G in forest Z, the client machine issues a DNS query for the SRV record _ldap._tcp.G.domains._msdcs.Z, constructed from the default NC's GUID (G) and the forest name (Z).

  • To locate a DC that is hosting default NC X and that is also a PDC, the client machine issues a DNS query for the SRV record _ldap._tcp.pdc._msdcs.X, constructed from the NC name (X).

  • To locate a DC in forest Z that is a GC server, the client machine issues a DNS query for the SRV record _gc._tcp.Z, constructed from the forest name (Z).

  • To locate a DC in forest Z, site Y that is a GC server, the client machine issues a DNS query for the SRV record _gc._tcp.Y._sites.Z, constructed from the forest name (Z) and the site name (Y).

  • To locate a server that is running the Kerberos Key Distribution Center service over TCP for default NC X, the client machine issues a DNS query for the SRV record _kerberos._tcp.X, constructed from the default NC name (X).

  • To locate a server that is running the Kerberos Key Distribution Center service over UDP for default NC X, the client machine issues a DNS query for the SRV record _kerberos._udp.X, constructed from the default NC name (X).

  • To locate a server in site Y that is running the Kerberos Key Distribution Center service over TCP for default NC X, the client machine issues a DNS query for the SRV record _kerberos._tcp.Y._sites.X, constructed from the default NC name (X) and the site name (Y).

  • To locate a DC that is running the Kerberos Key Distribution Center service over TCP and that also hosts default NC X, the client machine issues a DNS query for the SRV record _kerberos._tcp.dc._msdcs.X, constructed from the default NC name (X).

  • To locate a DC in site Y that is running the Kerberos Key Distribution Center service over TCP and that also hosts default NC X, the client machine issues a DNS query for the SRV record _kerberos._tcp.Y._sites.dc._msdcs.X, constructed from the default NC name (X) and the site name (Y).

  • To locate a server that is running the Kerberos Password Change service over TCP for default NC X, the client machine issues a DNS query for the SRV record _kpasswd._tcp.X, constructed from the default NC name (X).

  • To locate a server that is running the Kerberos Password Change service over UDP for default NC X, the client machine issues a DNS query for the SRV record _kpasswd._udp.X, constructed from the default NC name (X).

The DNS query returns a list of SRV records that match this query. The target field of the SRV record contains the FQDN (2) of the server.

Upon receiving the DNS query results, the client machine retrieves the IP addresses corresponding to each server (via DNS A/AAAA queries) and sends an LDAP ping to the retrieved addresses in weighted random order [RFC2782]. If a server has multiple IP addresses, the client pings all of them before pinging the next server in the weighted random order. The client attempts the intended protocol request to the first server address that responds to the ping.
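As an added illustration that is not part of the specification, the following Python builds the SRV owner names enumerated in the list above from an NC name, site name, forest name and domain GUID, and applies the RFC 2782 priority/weight ordering that the preceding paragraph relies on; the SRV record set and host names are constructed, and no DNS queries are sent. An administrator can compare the generated names against what the zone actually publishes when validating a domain's locator records.

```python
import random

def dc_locator_srv_names(nc, site=None, forest=None, guid=None):
    """SRV owner names a client queries for NC `nc` (section 6.3.6.1). Site-,
    forest- and GUID-qualified names are emitted only when those values are given."""
    names = {
        "ldap": f"_ldap._tcp.{nc}",
        "ldap_dc": f"_ldap._tcp.dc._msdcs.{nc}",
        "ldap_pdc": f"_ldap._tcp.pdc._msdcs.{nc}",
        "kdc_tcp": f"_kerberos._tcp.{nc}",
        "kdc_udp": f"_kerberos._udp.{nc}",
        "kdc_dc": f"_kerberos._tcp.dc._msdcs.{nc}",
        "kpasswd_tcp": f"_kpasswd._tcp.{nc}",
        "kpasswd_udp": f"_kpasswd._udp.{nc}",
    }
    if site:
        names["ldap_site"] = f"_ldap._tcp.{site}._sites.{nc}"
        names["ldap_dc_site"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{nc}"
        names["kdc_site"] = f"_kerberos._tcp.{site}._sites.{nc}"
        names["kdc_dc_site"] = f"_kerberos._tcp.{site}._sites.dc._msdcs.{nc}"
    if forest:
        names["gc"] = f"_gc._tcp.{forest}"
        if site:
            names["gc_site"] = f"_gc._tcp.{site}._sites.{forest}"
        if guid:
            names["ldap_guid"] = f"_ldap._tcp.{guid}.domains._msdcs.{forest}"
    return names

def rfc2782_order(records, seed=None):
    """Order (priority, weight, port, target) tuples as RFC 2782 prescribes: lowest
    priority first; within a priority, weighted random selection of the next target."""
    rng = random.Random(seed)           # seedable so the order is reproducible in tests
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Weight-0 records go to the front of the bucket so they are rarely chosen first.
        bucket = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while bucket:
            pick = rng.randint(0, sum(r[1] for r in bucket))
            running = 0
            for i, r in enumerate(bucket):
                running += r[1]
                if running >= pick:     # first record whose running sum reaches the pick
                    ordered.append(bucket.pop(i))
                    break
    return ordered

# Constructed SRV answer for _ldap._tcp.dc._msdcs.contoso.com; the hosts are made up.
SAMPLE_SRV = [(0, 100, 389, "dc1.contoso.com"), (0, 0, 389, "dc2.contoso.com"),
              (10, 50, 389, "dc3.contoso.com")]
```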