12-07-2022 07:13 AM
I've noticed a challenge with ADDS servers pushing in multiple individual SRV records pointing to their individual hostnames instead of the common global AD controller name, causing logins to rotate between the closest AD, within the country, and the most remote across the globe.
From my standpoint this could be resolved by replacing the multiple individual SRV records with a single one pointing to the common name, which can be DNS sort listed, thus ensuring logins can always reach the closest AD instance.
How would I limit ADDS servers to continue updating their common, shared hostname and their own Host entry but not SRV records? Alternatively, in Infoblox, permit A and PTR record updates and deny SRV record updates without having the individual ADDS servers (which are spun up based on load) report errors?
Yes I know I could purchase the DCT license to sort that out as well, but before spending that much I'd prefer looking into this possibility.
12-07-2022 07:35 AM
AD does this already: you use sites to build a topology so that local DCs are used to process logon requests; within that site there is an algorithm used to detect which DCs are "closest".
Have you created a site topology within AD?
PCN (UK) Ltd
All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
12-08-2022 12:09 AM
Thanks for responding. Site topology is enabled, with the Site & Services license for pushing Sites from Infoblox to ADDS, but I still see users logging in to some systems going to ADDS servers across the globe.
From what I can see the issue would disappear if I replaced the SRV records pushed via DDNS by the ADDS servers to their individual hostnames, such as _ldap._tcp.[host].[domain], with a single one pointing to the common hostname of the AD controllers, allowing those A records to be sort listed on each DNS server.
I'm not certain, though, whether this would trigger an alert on the ADDS servers, having them push back the individual SRV records, or if that check can be switched off.
03-16-2023 07:22 AM
Adding the solution provided by Microsoft:
By disabling "Specify DC Locator DNS records not registered by the DCs", the ADDS servers will only push out their A record entries and not SRV records.
This allows a single SRV record pointing to the common shared A record, which can be sort listed.
An alternative could be using the Infoblox Traffic Controller license, but I believe this would require manual config for every new ADDS server (?).
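The following is an added example, not code from the thread, Infoblox or Microsoft. It models the two DNS layouts discussed above so the behaviour can be reasoned about offline: the default one, where each DC registers its own `_ldap._tcp.dc._msdcs.<domain>` SRV record targeting its own hostname, and the thread's proposal, where a single SRV record targets a shared name whose A records a DNS sort list orders by client network. The SRV selection follows RFC 2782 (lowest priority, then weight); the DC locator lookup order (site-specific name first, then domain-wide) and the sort list are deliberately simplified, and every domain name, site name, address and network is invented for illustration. It shows why a sort list alone cannot fix the rotation: a sort list reorders A records, not SRV targets, so as long as one SRV record exists per DC the client picks a DC before any address ordering happens.

```python
"""Constructed model of AD DC-locator resolution (added example, not from the thread).

SRV_DEFAULT - what DCs register by default: one SRV record per DC, each targeting
              the DC's own hostname (the situation described in the thread).
SRV_SINGLE  - the thread's proposal: one SRV record targeting a shared name whose
              A records are ordered by the DNS server's sort list.
All names, addresses and networks below are invented for illustration.
"""
import ipaddress
import random
from collections import Counter

DOMAIN = "corp.example"  # hypothetical domain

# SRV data: (priority, weight, port, target)
SRV_DEFAULT = {
    f"_ldap._tcp.dc._msdcs.{DOMAIN}": [
        (0, 100, 389, f"dc-london.{DOMAIN}"),
        (0, 100, 389, f"dc-sydney.{DOMAIN}"),
        (0, 100, 389, f"dc-toronto.{DOMAIN}"),
    ],
    # Site-specific record registered by the DC that belongs to the "London" AD site.
    f"_ldap._tcp.London._sites.dc._msdcs.{DOMAIN}": [(0, 100, 389, f"dc-london.{DOMAIN}")],
}

SRV_SINGLE = {
    f"_ldap._tcp.dc._msdcs.{DOMAIN}": [(0, 100, 389, f"ad.{DOMAIN}")],
}

A_RECORDS = {
    f"dc-london.{DOMAIN}": ["10.10.0.5"],
    f"dc-sydney.{DOMAIN}": ["10.20.0.5"],
    f"dc-toronto.{DOMAIN}": ["10.30.0.5"],
    f"ad.{DOMAIN}": ["10.10.0.5", "10.20.0.5", "10.30.0.5"],  # shared name, one A per DC
}

# Simplified sort list: one network per site (constructed values).
SORTLIST = ["10.10.0.0/16", "10.20.0.0/16", "10.30.0.0/16"]


def select_srv(records, rng):
    """RFC 2782 target selection: lowest priority wins; within it, weighted random choice."""
    lowest = min(prio for prio, _, _, _ in records)
    candidates = [rec for rec in records if rec[0] == lowest]
    total = sum(weight for _, weight, _, _ in candidates)
    if total == 0:
        return rng.choice(candidates)[3]
    roll = rng.uniform(0, total)
    for _, weight, _, target in candidates:
        roll -= weight
        if roll <= 0:
            return target
    return candidates[-1][3]


def resolve_a(name, client_ip):
    """Model of a DNS sort list: addresses in the same listed network as the client come first."""
    client = ipaddress.ip_address(client_ip)

    def rank(addr):
        for net in map(ipaddress.ip_network, SORTLIST):
            if client in net and ipaddress.ip_address(addr) in net:
                return 0
        return 1

    return sorted(A_RECORDS[name], key=rank)  # stable: untouched order for non-matches


def locate_dc(srv_zone, client_ip, site=None, rng=None):
    """DC locator order: site-specific SRV name first, then the domain-wide name.
    The chosen SRV target's first A record (after the sort list) is the DC contacted."""
    rng = rng if rng is not None else random.Random()
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}")
    names.append(f"_ldap._tcp.dc._msdcs.{DOMAIN}")
    for name in names:
        if name in srv_zone:
            target = select_srv(srv_zone[name], rng)
            return resolve_a(target, client_ip)[0]
    raise LookupError("no DC locator record found")


def simulate(srv_zone, client_ip, site=None, trials=500, seed=1):
    """Count which DC address a client lands on over repeated logons."""
    rng = random.Random(seed)
    return Counter(locate_dc(srv_zone, client_ip, site, rng) for _ in range(trials))


if __name__ == "__main__":
    london_client = "10.10.5.20"
    print("per-DC SRV, no site match:", simulate(SRV_DEFAULT, london_client))
    print("per-DC SRV, site London:  ", simulate(SRV_DEFAULT, london_client, site="London"))
    print("single SRV + sort list:   ", simulate(SRV_SINGLE, london_client))
```

Running it prints three distributions for a client in the London network: with per-DC SRV records and no matching site record the logons spread across all three DCs (the rotation from the first post), with a correct site mapping they stay on the London DC (the reply's point about site topology), and with the single shared SRV target plus a sort list they also stay local, which is what the Microsoft setting in the last post makes possible.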