I think I am getting lost in network failover land. I am trying to set up a Windows Domain Controller and DNS while providing resilience and failover. I have two Domain Controllers and DNS servers, AD1 and AD2. Both are talking to each other, exchanging forest and DNS zone information. I was reading this Automatic failover for domain controller explaining how Domain Controller failover works with SRV records. However, my issue is with my Linux clients. Currently we have all Linux clients targeting AD1's IP address for authentication purposes. I want, however, to target a global name of "AD", which is a DNS entry to round robin/netmask order between AD1 and AD2.

I think I might be on the wrong track to solve this DC/DNS failover in my infrastructure, because when I do a failover test by shutting down AD2, clients on the same network segment as AD2 cannot authenticate. It times out.

Do I have to explicitly put each AD server's IP in the ldap.conf file on each Linux client? I was hoping to only have to put the global name of "AD" and have DNS take care of the rest.

Thank you all!


Solution 1:

If your domain name is corp.mydomain.com you should be able to point the Linux boxes at the same domain name, as opposed to dc01.corp.mydomain.com; your root domain name by default will resolve to any of the DCs currently set up.

If you run an nslookup for corp.mydomain.com you should get the IPs of all of your DCs.
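An added example, not part of the question or the answer above, showing why a client-side list of DCs still matters: a plain A-record round robin hands the client one address per lookup and does not know a DC is down, whereas the SRV records the question mentions carry priority and weight, and libldap's URI directive accepts several servers and tries them in order. The SRV records, hostnames and the "down" set below are constructed and hypothetical.

```python
import random

# Constructed sample of what an SRV lookup for _ldap._tcp.dc._msdcs.<domain>
# could return; hostnames are hypothetical (target, port, priority, weight).
SAMPLE_SRV = [
    ("ad1.corp.example.com.", 389, 0, 100),
    ("ad2.corp.example.com.", 389, 0, 100),
    ("ad3-backup.corp.example.com.", 389, 10, 50),
]

def order_srv(records, rng=None):
    """Order SRV targets as RFC 2782 describes: lowest priority first and,
    within one priority, a weighted random draw so load is spread."""
    if rng is None:
        rng = random.Random()
    by_priority = {}
    for target, port, prio, weight in records:
        by_priority.setdefault(prio, []).append((target, port, weight))
    ordered = []
    for prio in sorted(by_priority):
        pool = list(by_priority[prio])
        while pool:
            total = sum(w for _, _, w in pool)
            pick = rng.uniform(0, total) if total else 0
            for i, (target, port, w) in enumerate(pool):
                pick -= w
                if pick <= 0:
                    ordered.append((target, port))
                    pool.pop(i)
                    break
    return ordered

def ldap_conf_uri(ordered, scheme="ldap"):
    """Render the URI line for /etc/ldap/ldap.conf. libldap accepts several
    whitespace-separated URIs and tries them left to right, so the client
    keeps working when the first DC is down (NETWORK_TIMEOUT bounds the wait)."""
    return "URI " + " ".join(f"{scheme}://{t.rstrip('.')}:{p}" for t, p in ordered)

def first_reachable(ordered, down):
    """Simulate the client's failover: skip hosts in `down` (a set of names)."""
    for target, port in ordered:
        if target not in down:
            return (target, port)
    return None

if __name__ == "__main__":
    servers = order_srv(SAMPLE_SRV, random.Random(1))
    print(ldap_conf_uri(servers))
    print("with ad1 down ->", first_reachable(servers, {"ad1.corp.example.com."}))
```

The same list form works for nslcd.conf's `uri` option; with a single-address A record the client has nothing to fall back to, which matches the timeout seen in the question.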