Today we get to take a look at one of the clever advantages of using SRV resource records in DNS to provide locator information for Active Directory domain controllers. Because Windows clients are “wired” to check DNS to find a DC, Windows can manipulate DNS to fool a client into thinking something that isn’t true! For example, if a client happens to be in an Active Directory site that doesn’t actually have a domain controller, an SRV record can be created that points such a client to the nearest domain controller in another site, even though that DC isn’t actually in the same site as the client. And in fact that’s exactly what happens. It’s called “site coverage.” When domain controller X registers its SRV records in DNS, it checks to see if any poor, neglected Active Directory sites don’t have any domain controllers in the same domain as X. Then it makes a list of all the “candidate” sites that do have domain controllers in the X domain. Domain controller X then chooses the site that is nearest (based on the “cost” of site links, as defined in Active Directory Sites and Services). If multiple sites have the same cost, then Windows picks the first one in alphabetical order. Finally, a site-specific SRV record is entered into the DNS database for the domain in the site that previously had no coverage. From that point forward, any client in the DC-less site will query DNS and (via the new SRV record) be directed to a DC in a site that is as close as possible. So, if you’ve ever wondered why it’s worthwhile to create those site link costs, now you know at least one reason; and now you can troubleshoot some of those lengthy logon times for clients in sites with no DC. Of course, you might also consider deploying a DC in such sites, to make site coverage unnecessary, and Server 2008’s Read Only Domain Controller (RODC) might be a good option to reduce administrative overhead. But it’s kind of slick to see how these SRV records give Windows flexibility to cover imperfect situations.
SRV Records and Active Directory, Part IV
What if there's no domain controller in a site?
Copyright © 2009 IDG Communications, Inc.