On Wed, Nov 04, 2009 at 02:33:07PM -0500, Timo Sirainen wrote:
> I still don't really understand. Probably because I don't know how exactly SRV records are supposed to even work. How would I query LDAP service with e.g. dig?
Latest versions of OpenLDAP do this automatically; IIRC you specify an LDAP URL something like:
ldap:///DC=foo,DC=bar,DC=com
And it looks up _ldap._tcp.foo.bar.com:

$ dig -t SRV _ldap._tcp.foo.bar.com.
_ldap._tcp.foo.bar.com. 600 IN SRV 0 100 389 ldap.foo.bar.com.
And then it picks the best priority SRV and looks that up, and rotates around to the other ones if the first doesn't work.
SRV records are better than RR DNS because the priority field lets the client sort them. In MS implementations the DNS server will return priority fields that reflect the querier's subnet - it will dynamically make closer servers have better priority.
Jason
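
The lookup described in the message above, as an added example that is not part of the original e-mail and is not OpenLDAP's code: it maps the DC components of the LDAP URL to the SRV owner name, parses dig-style answer lines, and produces the order in which a client would try the servers. The function names and all sample records except the ldap.foo.bar.com line are constructed for illustration, and the weight handling is a simplification of RFC 2782.

```python
import random
from urllib.parse import urlparse, unquote

# Constructed sample answers; only the ldap.foo.bar.com line is from the message.
SAMPLE = """\
_ldap._tcp.foo.bar.com. 600 IN SRV 10 100 389 ldap-far.foo.bar.com.
_ldap._tcp.foo.bar.com. 600 IN SRV 0 100 389 ldap.foo.bar.com.
_ldap._tcp.foo.bar.com. 600 IN SRV 0 0 636 ldap2.foo.bar.com.
"""

def srv_name_from_ldap_url(url, service="ldap", proto="tcp"):
    """Map ldap:///DC=foo,DC=bar,DC=com to _ldap._tcp.foo.bar.com."""
    parsed = urlparse(url)
    if parsed.scheme != "ldap" or parsed.netloc:
        raise ValueError("expected a host-less ldap:/// URL")
    labels = []
    for rdn in unquote(parsed.path.lstrip("/")).split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() != "dc" or not value:
            raise ValueError(f"DN has a non-DC component: {rdn!r}")
        labels.append(value.lower())
    return f"_{service}._{proto}." + ".".join(labels)

def parse_srv_answers(text):
    """Parse lines of the form: name ttl IN SRV priority weight port target."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2] == "IN" and f[3] == "SRV":
            records.append((int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".")))
    return records

def connection_order(records, rng=random):
    """Lowest priority value first; weighted random order within one priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            # Simplified weighting: +1 so weight-0 records can still be chosen.
            pick = rng.choices(group, weights=[r[1] + 1 for r in group])[0]
            group.remove(pick)
            ordered.append((pick[3], pick[2]))  # (host, port)
    return ordered

if __name__ == "__main__":
    print(srv_name_from_ldap_url("ldap:///DC=foo,DC=bar,DC=com"))
    for host, port in connection_order(parse_srv_answers(SAMPLE)):
        print(host, port)
```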