1. There might be 0, 10, or 1000 apps out there doing this
now. The structure is there for them to register records and look things up. I
don't think the site based mentality has taken off as completely as it can yet
though. I do expect that to change though because it makes a ton of sense.
Mostly it is probably just done with DCs at the moment because MS offers a nice
easy API for finding DCs in that structure. If they offered an API to find any
service where you plug in the prefix you are looking for coupled with easy
registration of those records, it would probably start being used more. A lot
of MS based programmers are lazy. They look for the easiest way to code the
stuff versus the best way to code the stuff. This is no surprise since a vast
majority of Windows programmers came from the VB world. VB didn't train you to
do things well, it trained you to find the easiest way. If people weren't
looking for the easiest way, it is doubtful they would have gone to VB in the
first place.
As an aside, I know of folks who have used the site/subnet
objects in AD to map out Web Site usage. The IPs were mapped via the IP to site
via my ATSN tool which calls an MS API for the translation. That was the hardest
part. The rest is simple perl scanning of web service logs (not blogs) and
scooping out the pages and the IP accessing the site. That isn't using DNS
directly, but is leveraging the AD site info for the purposes of
good.
2. Nope, unfortunately not more customizable directly.
However, these are simply DNS entries. There is nothing stopping you from taking a
script and registering your own records as you see fit. Just go find a copy of
nsupdate and script it with perl and register whatever the heck you want to
register either based on a list you generate or some logic that perl can follow.
You could set up just about anything you would like to set
up.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kamlesh Parmar
Sent: Saturday, December 31, 2005 7:57 AM
To: [email protected]
Subject: Re: [ActiveDir] DNS SRV records
1)
AFAIK, Site is an Active Directory specific concept, and AD is Directory
(LDAP), Authentication server (Kerberos) etc. These services are published
by AD in DNS thru SRV records in _sites._msdcs for each site and it covers them
all... (LDAP,DC,GC,Kerberos,Kpassword)
so I was curious what applications would actually just read sitename from
AD and look for a service not offered by DC in that site? AD based distributed
applications (other than exchange) ?
2)
DNS priorities, I know by default, its only possible per DC basis thru registry.
I was hoping it was more customizable, even if it was not officially
documented.
Basically we do have hub and spoke stuff. We have central hub and then
at its spokes regional hubs and at their spoke individual remote sites.
(This is highly simplified, as there are load balancing links
across regions, away from central hub, so I would say its a mash between
center and regional sites and then hub and spokes at region and remote
sites)
Now, in case of DC failure at remote site, clients would go to any regional
or Central hub DC, and not necessarily its nearest regional hub DC.
With priority only per DC basis, I would have to create a mess of
priorities to achieve what I want. And it would be complex.
One solution I thought of was to publish regional hub DCs in their spoke
DCs with lower priority.
This would surely give me some control, on where remote sites go for
authentication. But this would not help cover DC failure at region level.
Basically, I want to totally control the list of DCs referred to clients at
each site and in what order they are referred. So, per DC per Site
priority setting would have been ideal.
I am open to other possible solutions.
--
Kamlesh
On 12/31/05, Almeida
Pinto, Jorge de <[EMAIL PROTECTED]>
wrote:
"_sites.dc._msdcs.DNSDomainName" is for locating a DC (hence the _msdcs) that hosts a certain service in a certain site
"_sites.DnsDomainName" is for locating a SERVER (does not need to be a DC) that hosts a certain service in a certain site
for more info on service resource records see:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url="">
DNS priorities are on a per DC basis, and not on a per DC per site basis.
It is not possible to configure a different priority for the same DC covering another site.
Why do you want to do that?
if clients cannot find a DC in a site by querying for _ldap._tcp.SiteName._sites.DnsDomainName
the client will search for a DC in the domain by querying for _ldap._tcp.dc._msdcs.DnsDomainName
If you have a hub-and-spoke site topology it is OK to configure all spoke DCs (branches) NOT to register domain wide DC locator records and only let HUB DCs register those records
Jorge
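To make the locator behaviour Jorge describes concrete (site-specific `_ldap._tcp.SiteName._sites.DnsDomainName` first, then the domain-wide `_ldap._tcp.dc._msdcs.DnsDomainName` set, with priority belonging to each SRV record rather than to a DC-per-site pair), here is an added example that is not part of the thread. The zone data, the `example.test` domain, the DC names and the `locate_dc`/`order_srv` functions are all constructed for illustration; ordering within a priority follows RFC 2782's weighted selection.

```python
"""Model of the AD DC locator lookup order (added example, not from the thread).
The SRV data below is constructed and does not describe any real zone."""
import random

# Constructed zone: owner name -> list of (priority, weight, port, target).
ZONE = {
    # site1 has two DCs; priority is a property of each record, so DC1 is
    # preferred over DC2 in this set regardless of which client asks.
    "_ldap._tcp.site1._sites.example.test": [
        (0, 100, 389, "dc1.example.test"),
        (10, 100, 389, "dc2.example.test"),
    ],
    # site2 has no DC, so no site-specific name exists for it (NXDOMAIN).
    # Domain-wide set: only hub DCs register here, mirroring the advice that
    # spoke DCs need not register domain-wide locator records.
    "_ldap._tcp.dc._msdcs.example.test": [
        (0, 75, 389, "hub-dc1.example.test"),
        (0, 25, 389, "hub-dc2.example.test"),
    ],
}


def order_srv(records, rng=random):
    """RFC 2782 ordering: ascending priority; within one priority, weighted
    random selection (higher weight is picked earlier more often)."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        bucket = [r for r in records if r[0] == prio]
        while bucket:
            total = sum(r[1] for r in bucket)
            pick = rng.randint(0, total)
            acc = 0
            for r in bucket:
                acc += r[1]
                if acc >= pick:
                    ordered.append(r[3])
                    bucket.remove(r)
                    break
    return ordered


def locate_dc(zone, domain, site, rng=random):
    """Try the site-specific SRV name; on a missing name fall back to the
    domain-wide _msdcs set. Returns (name answered, ordered DC targets)."""
    for name in (f"_ldap._tcp.{site}._sites.{domain}",
                 f"_ldap._tcp.dc._msdcs.{domain}"):
        if name in zone:
            return name, order_srv(zone[name], rng)
    return None, []
```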
________________________________
From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Fri 2005-12-30 22:42
To: [email protected]
Subject: [ActiveDir] DNS SRV records
From my limited knowledge of how AD uses SRV records, I have two queries.
1)
Why do we need a separate _sites.DnsDomainName child domain when we have the
_sites.dc._msdcs.DNSDomainName child domain populated?
And I guess that only the latter is used by clients to find the site specific DC for authentication.
Which other applications would need site specific but generic SRV records (former ones) ??
2)
How to publish DC1 in site1 into remote site site2 with different priority than its own site site1?
i.e.
DC1 site1 priority=0
DC1 site2 priority=10
DC2 site1 priority=10
DC2 site2 priority=0
By the way,
Happy New Year to you all.
--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
