
ADDS virtualization with DDNS, yet avoid SRV record registration?

Authority
Posts: 34

I've noticed a challenge with ADDS servers pushing in multiple individual SRV records pointing to their individual hostnames instead of the common global AD controller name, causing logins to rotate between the closest AD, within the country, and the most remote across the globe.

From my standpoint this could be resolved by replacing the multiple individual SRV records with a single one pointing to the common name, which can be DNS sort listed, thus ensuring logins can always reach the closest AD instance.

 

How would I limit ADDS servers to continue updating their common, shared hostname and their own Host entry but not SRV records? Alternatively, in Infoblox, permit A and PTR record updates and deny SRV record updates without having the individual ADDS servers (which are spun up based on load) report errors?

Yes, I know I could purchase the DCT license to sort that out as well, but before spending that much I'd prefer looking into this possibility.

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?

Expert
Posts: 185

AD does this already: you use sites to build a topology so that local DCs are used to process logon requests, and within that site there is an algorithm used to detect which DCs are "closest".

Have you created a site topology within AD?

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?

Authority
Posts: 34

Hi Paul,

Thanks for responding. Site topology is enabled, and the Site & Services license is used for pushing sites from Infoblox to ADDS; I still see users' logins to some systems going to ADDS servers across the globe.

From what I can see, the issue would disappear if I replaced the SRV records that the ADDS servers push via DDNS for their individual hostnames, such as _ldap._tcp.[host].[domain], with a single one pointing to the common hostname of the AD controllers, allowing those A records to be sort listed on each DNS server.

I'm though not certain if this would trigger an alert on the ADDS servers, having them push back the individual SRV records, or if that check is possible to switch off.

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?

Authority
Posts: 34

Adding the solution provided by Microsoft.

By disabling "Specify DC Locator DNS records not registered by the DCs", the ADDS servers will only push out their A record entries and not SRV records.

This allows a single SRV record pointing to the common shared A record, which can be sort listed.

An alternative could be using the Infoblox Traffic Controller license, but I believe this would require manual config for every new ADDS server (?).
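For anyone reproducing the Net Logon setting named in the last post, here is an added example (not from the thread, not Infoblox or Microsoft code) that configures it on a domain controller and then checks what the DC still registers. The policy "Specify DC Locator DNS records not registered by the DCs" is backed by the REG_MULTI_SZ value DnsAvoidRegisterRecords; each mnemonic on that list is a record type Net Logon stops registering. The list below names the SRV mnemonics and deliberately leaves out LdapIpAddress and GcIpAddress, which are the A records for the domain name and gc._msdcs.<forest> (the "common shared A record" the post wants to keep). The script assumes it runs elevated on the DC itself and writes the non-policy location under Services\Netlogon\Parameters; when the setting is delivered by Group Policy it lands under HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters instead and wins over the local value.

```powershell
# Added example: suppress DC Locator SRV registration while keeping A record registration.
# Assumes: elevated session on a domain controller; nltest.exe and Resolve-DnsName available.
$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$valueName = 'DnsAvoidRegisterRecords'

# SRV record mnemonics understood by Net Logon. LdapIpAddress and GcIpAddress (A records)
# are intentionally absent so the DC keeps registering the shared domain / GC A records.
$srvMnemonics = @(
    'Ldap', 'LdapAtSite', 'Pdc', 'Gc', 'GcAtSite', 'GenericGc', 'GenericGcAtSite',
    'Kdc', 'KdcAtSite', 'Dc', 'DcAtSite', 'DcByGuid',
    'Rfc1510Kdc', 'Rfc1510KdcAtSite', 'Rfc1510UdpKdc', 'Rfc1510Kpwd', 'Rfc1510UdpKpwd'
)

function Get-AvoidList {
    # Returns the current list (empty array when the value does not exist yet).
    $item = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.$valueName)
}

function Set-AvoidList {
    param([string[]]$Mnemonics)
    # Merge with whatever is already configured so an existing entry is never dropped.
    $merged = @(Get-AvoidList) + $Mnemonics | Sort-Object -Unique
    New-ItemProperty -Path $regPath -Name $valueName -Value $merged `
        -PropertyType MultiString -Force | Out-Null
    return $merged
}

function Test-SrvStillRegistered {
    # Checks the site-independent DC and KDC SRV names DC Locator queries for this DC's name.
    $domain = (Get-CimInstance Win32_ComputerSystem).Domain
    $me     = [System.Net.Dns]::GetHostName().ToLower()
    $hits   = foreach ($name in "_ldap._tcp.dc._msdcs.$domain", "_kerberos._tcp.dc._msdcs.$domain") {
        Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.NameTarget -and $_.NameTarget.ToLower().StartsWith("$me.") }
    }
    return [bool]$hits
}

$applied = Set-AvoidList -Mnemonics $srvMnemonics
Write-Host "DnsAvoidRegisterRecords now contains: $($applied -join ', ')"

# Net Logon reads the value on start and re-registers on request.
Restart-Service -Name Netlogon
nltest.exe /dsregdns | Out-Null

if (Test-SrvStillRegistered) {
    Write-Host 'SRV records for this DC are still present; they may be stale entries that need removal from the zone.'
} else {
    Write-Host 'No DC/KDC SRV records point at this DC; the hand-maintained SRV entries must now cover it.'
}
```

Two points worth checking before relying on this. DC Locator looks up more than _ldap._tcp: clients and other DCs also query _kerberos._tcp and the site-specific _sites names, so the single hand-maintained record the post describes has to exist for every name the locator asks for, or site-aware DC selection and Kerberos discovery fall back in ways that are hard to diagnose. Records a DC registered before the change are not necessarily cleaned up by the change itself, which is why the script re-checks the zone after re-registration rather than assuming the old SRV entries are gone.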
