SRV Resource Record Options
| Domain Name | Description |
|---|---|
| _ldap._tcp.example.com | any LDAP server, not necessarily a domain controller |
| _ldap._tcp.dc._msdcs.example.com | a Win2K domain controller that is also an LDAP server for the domain |
| _ldap._tcp.pdc._msdcs.example.com | the primary domain controller (PDC) in a mixed-mode domain (legacy support for a Windows NT domain) |
| _kerberos._tcp.example.com | any Kerberos KDC, not necessarily a domain controller |
| _kerberos._tcp.dc._msdcs.example.com | a Win2K domain controller that is also a Kerberos KDC for the domain |
| _kpasswd._tcp.example.com | a Kerberos Change Password server for the domain |
Using JNDI-DNS
To find these records from Java, you must use the JNDI-DNS provider rather than InetAddress.getAllByName, because the DNS lookup has to be of type=SRV (service lookup) rather than type=A (host lookup). If you have the nslookup program (Windows), you can easily test this:
```
$ nslookup
Standardserver: loccdc1.example.com
Address: 192.168.0.1
> set type=SRV
> _ldap._tcp.example.com
Server: loccdc1.example.com
Address: 192.168.0.1
_ldap._tcp.example.com SRV service location:
    priority = 100
    weight = 100
    port = 389
    svr hostname = loccdc1.example.com
_ldap._tcp.example.com SRV service location:
    priority = 0
    weight = 100
    port = 389
    svr hostname = locddc2.example.com
loccdc1.example.com internet address = 192.168.0.1
locddc2.example.com internet address = 192.168.0.2
```
There are precise rules in RFC 2782 on how to try servers given the priorities and weights returned by this lookup: try servers in strict order of ascending priorities; within a priority, pick servers sequentially at random with probability roughly proportional to their weight (servers with weight 0 are given a chance, too).
Presumably the JNDI-LDAP provider implements these rules already, but there does not appear to be a way to extract the list of servers.
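Since the server list cannot be read back from the JNDI-LDAP provider, one option is to do the SRV lookup through JNDI-DNS and apply the RFC 2782 ordering yourself. The following is an added example, not code from the original page or from the JNDI providers; the class `SrvLookup`, the record `Srv` and the method names are hypothetical, and it assumes Java 16 or later (for `record`).

```java
import java.util.*;
import javax.naming.directory.*;

public class SrvLookup {
    // One SRV answer; the JNDI-DNS provider returns "priority weight port target."
    record Srv(int priority, int weight, int port, String host) {}
    static List<Srv> lookup(String name) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        env.put("java.naming.provider.url", "dns:"); // use the platform's resolvers
        DirContext ctx = new InitialDirContext(env);
        try {
            Attribute attr = ctx.getAttributes(name, new String[] {"SRV"}).get("SRV");
            List<Srv> out = new ArrayList<>();
            for (int i = 0; attr != null && i < attr.size(); i++) {
                String[] f = attr.get(i).toString().trim().split("\\s+");
                out.add(new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]),
                        Integer.parseInt(f[2]), f[3].replaceAll("\\.$", "")));
            }
            return out;
        } finally {
            ctx.close();
        }
    }
    // RFC 2782 order: ascending priority, weighted random choice within a priority.
    static List<Srv> order(List<Srv> records, Random rnd) {
        TreeMap<Integer, List<Srv>> groups = new TreeMap<>();
        for (Srv r : records) groups.computeIfAbsent(r.priority(), k -> new ArrayList<>()).add(r);
        List<Srv> ordered = new ArrayList<>();
        for (List<Srv> group : groups.values()) {
            group.sort(Comparator.comparingInt(Srv::weight)); // weight 0 goes first
            while (!group.isEmpty()) {
                int total = group.stream().mapToInt(Srv::weight).sum();
                int pick = rnd.nextInt(total + 1); // uniform in [0, total]
                int i = 0, running = group.get(0).weight();
                while (running < pick) running += group.get(++i).weight();
                ordered.add(group.remove(i)); // first running sum >= pick
            }
        }
        return ordered;
    }
    public static void main(String[] args) throws Exception {
        List<Srv> recs = args.length > 0 ? lookup(args[0]) : List.of( // else: nslookup sample above
                new Srv(100, 100, 389, "loccdc1.example.com"),
                new Srv(0, 100, 389, "locddc2.example.com"));
        for (Srv s : order(recs, new Random()))
            System.out.println("ldap://" + s.host() + ":" + s.port());
    }
}
```

Run without arguments it orders the two records from the nslookup session (locddc2 first, because priority 0 sorts before 100); pass a name such as `_ldap._tcp.example.com` to query DNS. SRV answers are only as trustworthy as the DNS path, so the LDAP connection itself should still authenticate the server, for example with LDAPS or StartTLS and certificate validation.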