Sites and services and queries for SRV records ...
Uri Simchoni
uri at samba.org
Thu Sep 19 03:56:45 UTC 2019
On 9/18/19 10:18 PM, Richard Sharpe via samba-technical wrote:
> Hi folks,
>
> I thought, perhaps naively, that if an organization is using sites and
> services, and you do a query for SRV records from Site A for
> _ldap._tcp.<realm> that the Windows DNS servers would return the SRV
> records ordered with those for Site A first.
>
> Is there more that you have to do to ensure that? What I am seeing
> looks like standard random round-robin order.
>
The authoritative info on that is in [MS-ADTS] "Publishing and locating a
domain controller". Central to that is the "LDAP Ping":
- In a large domain you'd get tens of DCs in response to your
_ldap._tcp.<realm> query.
- You'd then send an "LDAP ping" - a UDP packet - to a bunch of them -
Samba sends that in parallel, hoping some are not blocked by a firewall
and will answer you.
- In the response, the DC indicates which site you're in
- Then you make an SRV query specific to the site -
_ldap._tcp.<site-name>._sites.<realm>
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8ebcf782-87fd-4dc3-8585-1301569dfe4f
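
The last two steps above, as an added example that is not part of the original post or of Samba's code: it decodes the extended netlogon reply structure (NETLOGON_SAM_LOGON_RESPONSE_EX) that an LDAP ping returns, with bounded handling of name-compression pointers, and builds the site-specific SRV name from the client site the DC reports. The reply bytes, the realm `example.test` and the site names are constructed, and only the netlogon attribute value is parsed, not the LDAP envelope around it.

```python
import struct

# Order of the compressed-name fields after the 24-byte fixed header
# (Opcode, Sbz, Flags, DomainGuid) of NETLOGON_SAM_LOGON_RESPONSE_EX.
FIELDS = ("forest", "domain", "dc_host", "nb_domain",
          "nb_host", "user", "dc_site", "client_site")

def read_name(buf, off):
    """Decode one RFC 1035-style compressed name -> (name, next_offset)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        if n == 0:                          # root label ends the name
            off += 1
            break
        if n & 0xC0 == 0xC0:                # 2-byte pointer into the structure
            if off + 1 >= len(buf) or hops >= 16:
                raise ValueError("bad or looping compression pointer")
            resume = off + 2 if resume is None else resume
            off, hops = ((n & 0x3F) << 8) | buf[off + 1], hops + 1
            continue
        if off + 1 + n > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[off + 1:off + 1 + n].decode("utf-8"))
        off += 1 + n
    return ".".join(labels), (off if resume is None else resume)

def parse_logon_response_ex(buf):
    opcode, _sbz, flags = struct.unpack_from("<HHI", buf, 0)
    if opcode not in (23, 25):   # LOGON_SAM_LOGON_RESPONSE_EX / _USER_UNKNOWN_EX
        raise ValueError("not an extended netlogon response")
    out, off = {"flags": flags}, 24
    for field in FIELDS:
        out[field], off = read_name(buf, off)
    return out

def site_srv_name(resp, service="_ldap._tcp"):
    """SRV name for the follow-up site-specific query described in the post."""
    return f"{service}.{resp['client_site']}._sites.{resp['domain']}"

def _enc(name):                  # uncompressed encoder, used only for the sample
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

# Constructed sample reply (not captured traffic); \xc0\x18 points at offset 24.
SAMPLE = (struct.pack("<HHI", 23, 0, 0) + bytes(16) + _enc("example.test")
          + b"\xc0\x18" + b"\x03dc1\xc0\x18" + _enc("EXAMPLE") + _enc("DC1")
          + _enc("") + _enc("Site-B") + _enc("Site-A")
          + struct.pack("<IHH", 5, 0xFFFF, 0xFFFF))

if __name__ == "__main__":
    print(site_srv_name(parse_logon_response_ex(SAMPLE)))
```

In the sample the answering DC sits in Site-B while the client is mapped to Site-A, so the follow-up query is built from the client site, not from the site of whichever DC happened to answer.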