Hi Community
I am running 5 Domain Controllers in our SMB, one to two per site, these sites are interconnected via IPSec Tunnels.
Lately I looked into my DNS service records I find that certain services are only resolved locally
ex.
site 1
@dcsc:~# ucr search kerberos/kdc
kerberos/kdc: 127.0.0.1
site 2
@TM01-fs001:~# ucr search kerberos/kdc
kerberos/kdc: tm01-dcs.org.company.com
site 3
kerberos/kdc: 127.0.0.1
For redundancy
Wouldn’t it be better if the DNS server would “anounce” all of the DC in according priority order
like “dc-localsite”;“dc-remotesite1”;“dc-remotesite2”
site 1
pdc.company.com;dcslave1.company.com;dcslave2.company.com
Same applies for LDAP an gc
havin in mind the mandatory entries like
| Mnemonic | Type | DNS Record | Requirements |
|---|---|---|---|
| 1. PDC | SRV | _ldap._tcp.pdc._msdcs. | One per domain |
| 2. GC | SRV | _ldap._tcp.gc._msdcs. | At least one per forest |
| 3. KDC | SRV | _kerberos._tcp.dc._msdcs. | At least one per domain |
| 4. DC | SRV | _ldap._tcp.dc._msdcs. | At least one per domain |
| 5 | A | One per domain controller (domain controllers that have multiple IP addresses can have more than one A resource record) | |
| 6. GcIpAddress | A | gc._msdcs. | At least one per forest |
| 7. DsaCname | CNAME | ._msdcs. | One per domain controller |
Rgds
Lucky