Hey everyone, I'm trying to get some feedback on a strange issue I've encountered while troubleshooting network and DNS settings on a few client machines. During a packet capture, I noticed some peculiar SRV records. For context, Windows devices use a process called DC Locator to find their nearest domain controller, and this involves an SRV lookup to get several CNAMEs before it proceeds with an A record query.
Here's an example of a healthy SRV record:
_ldap._tcp.AdSiteName._sites.subdomain.company.com
For instance, this might resolve to: _ldap._tcp.NewYorkCity._sites.internalAD.FlapJacks.com, which returns some domain controller CNAMEs for the client.
However, what I've been seeing is different:
- An SRV record like _ldap._tcp.AdSiteName._sites.hostname.subdomain.company.com is showing up, which is incorrect because the hostname is injected into the SRV request, leading to an error.
- Another record is _ldap._tcp.AdSiteName._sites.DC05.subdomain.company.com, but the NLTEST shows that my preferred DC should be DC03. This is also causing errors.
Any insights would be appreciated!
3 Answers
Hey! It sounds like you need to double-check your Sites and Services configuration. Did you assign a specific DC to handle requests for a certain subnet, or are you just hoping the system works automatically? It's best to avoid assuming everything is set up correctly without verification.
Just to clarify, are those lookups from the native Windows OS or from an application/script? Also, check your DNS suffix search list on the client; it's possible someone added DC and hostname info there, which could mess things up.
That definitely seems off! If the hostname isn't supposed to be in the SRV request, you might want to investigate how those DNS settings are being configured on your clients. Something might be interfering with the standard lookup process.

Thanks for the tip! The Sites and Services setup isn't perfect, but I've made improvements along the way. We have multiple DCs covering the subnet, and it's odd that the malformed query is trying to reach DC5 while my NLTEST indicates I'm actually favoring DC2. I'll definitely look into this further!
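
Added example, not part of any post in this thread: a Python check that runs over SRV query names exported from a packet capture and flags the site-specific lookups that carry extra labels between `_sites` and the AD domain, as in the two malformed names in the question. The hostname WS-0142 and the sample list are constructed, and treating `dc._msdcs` and `gc._msdcs` as legitimate is an assumption based on the standard DC Locator record names.

```python
# Added example: flag DC Locator site SRV queries with unexpected labels.
# Labels that may legitimately sit between "_sites" and the AD domain name
# (assumption: standard DC Locator names such as ..._sites.dc._msdcs.<domain>).
ALLOWED_INFIX = {(), ("dc", "_msdcs"), ("gc", "_msdcs")}


def classify_srv_query(qname, ad_domain):
    """Return (verdict, site, extra_labels) for one SRV query name."""
    labels = qname.rstrip(".").lower().split(".")
    domain = ad_domain.rstrip(".").lower().split(".")
    # Site-specific form: _ldap._tcp.<site>._sites.<...>.<domain>
    if len(labels) < 5 or labels[:2] != ["_ldap", "_tcp"] or labels[3] != "_sites":
        return ("not_site_srv", None, ())
    site, tail = labels[2], labels[4:]
    if len(tail) < len(domain) or tail[-len(domain):] != domain:
        return ("other_domain", site, ())
    # Whatever sits between "_sites" and the domain suffix was added by something.
    extra = tuple(tail[:len(tail) - len(domain)])
    if extra in ALLOWED_INFIX:
        return ("ok", site, extra)
    return ("extra_labels", site, extra)


def audit(qnames, ad_domain):
    """Return [(qname, injected_labels)] for every malformed site query."""
    flagged = []
    for q in qnames:
        verdict, _site, extra = classify_srv_query(q, ad_domain)
        if verdict == "extra_labels":
            flagged.append((q, ".".join(extra)))
    return flagged


# Constructed sample, modelled on the names quoted in the question.
SAMPLE = [
    "_ldap._tcp.NewYorkCity._sites.internalAD.FlapJacks.com",
    "_ldap._tcp.NewYorkCity._sites.dc._msdcs.internalAD.FlapJacks.com",
    "_ldap._tcp.NewYorkCity._sites.WS-0142.internalAD.FlapJacks.com",
    "_ldap._tcp.NewYorkCity._sites.DC05.internalAD.FlapJacks.com",
    "_ldap._tcp.internalAD.FlapJacks.com",
]

if __name__ == "__main__":
    for q, injected in audit(SAMPLE, "internalAD.FlapJacks.com"):
        print(f"malformed: {q}  (injected: {injected})")
```

The injected labels it reports can be compared against the client's own hostname and its DNS suffix search list, which is the check one of the answers suggests.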