THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

NIOS DNS DHCP IPAM

Reply

ADDS virtualization with DDNS, yet avoid SRV record registration?
Mr_Bob
Authority
Posts: 36

‎12-07-2022 07:13 AM

2344     0

I've noticed a challenge with ADDS servers pushing in multiple individual SRV records pointing to their individual hostname instead of the comon global AD controller name, causing logins rotating between closest AD, within the country to the most remote across the globe. 

 

From my standpoint this could be resolved by replacing the multiple indiviudal SRV records to a single pointing to the commong name which can be DNS sort listed, thus ensuring logins can always reach the closest AD instance. 

 

How would I limit ADDS servers to continue updating their common, shared hostname and it's own Host entry but not SRV records?  -Alternatively in Infoblox permit A, PTR record updates and deny SRV record updates without having the individual ADDS (which are spun up based on load) report errors?

 

Yes I know I could purchase the DCT license to sort that out as well, but before spending that much I'd prefer looking into this possibility. 

Labels:
Reply
0 Kudos

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?
paulr
Expert
Posts: 188

‎12-07-2022 07:35 AM

2345     0

AD does this already, you use sites to build a topology so that local DCs are used to process logon requests, within that site there is an alogorithm used to detect which DCs are "closest".

 

Have you created a site topology within AD?

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE
Reply
0 Kudos

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?
Mr_Bob
Authority
Posts: 36

‎12-08-2022 12:09 AM

2345     0

Hi Paul,

Thanks for responding, Site topology enabled and Site & Services license for pushing Site from Infoblox to ADSS -still see users login to some systems going to ADDS servers across the globe. 

 

From what I can see the issue would disapear if I replace the by ADDS servers DDNS pushed SRV records to their individual hostnames, such as _ldap._tcp.[host].[domain], with a single pointing to the common hostname of the AD controllers allowing those A records to be sort listed on each DNS server. 

I'm though not certain if this would trigger an alert on the ADDS servers, having them push back the individual SRV records, or if that check is possible to switch off. 

Reply
0 Kudos

Re: ADDS virtualization with DDNS, yet avoid SRV record registration?
Mr_Bob
Authority
Posts: 36

‎03-16-2023 07:22 AM

2345     0

Adding solution provided by Microsoft

By disabling "Specify DC Locator DNS records not registered by the DCs" the ADSS servers will only push out their A record entries and not SRV records

 

This allows a single SRV record pointing to the common shared A record, which can be sort listed 

An alternative could be using Infoblox Traffic Controller license, but I believe this would require manual config for every new ADDS server(? )

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements