On Feb 28, 2:55 am, Martin Burnicki <[EMAIL PROTECTED]> wrote:
> Of course. However, we must distinguish between DNS domains and Windows
> Active Directory domains which have nothing to do with DNS in the first
> place.

Active Directory is completely dependent on DNS. In fact, an Active Directory domain requires a DNS server that allows SRV records and dynamic updates to even function. Active Directory is generally not used for name resolution (with a few exceptions, such as specifying IP ranges for AD sites to tweak the replication topology). Otherwise, DNS supplies the name resolution layer for all Windows domain operations.

Most people use Microsoft's DNS server with AD, because it automatically and reliably replicates data using the same distributed multi-master replication mechanism that AD uses. But they are actually separate - you can set up AD domains using BIND or other DNS that supports the relevant RFCs. I did it for a customer once back around 2002.

That said, based on refIDs reported by member servers, I believe the Windows Time Service simply contacts the domain controller that the machine logged into for the time, using DNS to resolve the name. You can find which domain controller a machine used by using the "echo %LOGONSERVER%" command. When a Windows domain member loses contact with its logon server, it does a DNS SRV record lookup (such as _ldap._tcp.gc._msdcs.example.com) to find another one.

How this affects running the reference ntpd on domain controllers I do not know. I really don't have the time to set up a lab to test the behavior in depth. I run ntpd on other systems, and have our Windows domain controllers configured to get their time from those stratum-2 systems.

_______________________________________________
questions mailing list
questions@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
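
The SRV-based fallback mentioned in the message above, as an added example that is not part of the original post: it orders a set of SRV answers by the generic RFC 2782 rules (lowest priority first, weighted random draw within a priority) and drops the lost logon server. The records and host names are constructed, the function names are hypothetical, and it assumes the %LOGONSERVER% NetBIOS name matches the first label of the DNS name.

```python
import random

# Constructed SRV answers for _ldap._tcp.gc._msdcs.example.com, one per line:
# priority weight port target. Host names are made up for this example.
SAMPLE_ANSWERS = """\
0 100 3268 dc1.example.com.
0 100 3268 dc2.example.com.
10 100 3268 dc3.example.com.
"""

def parse_srv(text):
    """Parse 'priority weight port target' lines into dicts."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        prio, weight, port = (int(f) for f in fields[:3])
        records.append({"priority": prio, "weight": weight, "port": port,
                        "target": fields[3].rstrip(".").lower()})
    return records

def order_srv(records, rng=random):
    """Order records per RFC 2782: ascending priority, then repeated
    weighted random draws among records sharing a priority."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        group = [r for r in records if r["priority"] == prio]
        group.sort(key=lambda r: r["weight"] != 0)  # zero weights first
        while group:
            total = sum(r["weight"] for r in group)
            pick = rng.randint(0, total)
            running = 0
            for i, r in enumerate(group):
                running += r["weight"]
                if running >= pick:  # first record whose running sum covers pick
                    ordered.append(group.pop(i))
                    break
    return ordered

def fallback_candidates(records, logon_server, rng=random):
    """Targets to try, in order, once the logon server stops answering.
    Assumption: the NetBIOS name in %LOGONSERVER% equals the first DNS label."""
    lost = logon_server.lstrip("\\").split(".")[0].lower()
    return [r["target"] for r in order_srv(records, rng)
            if r["target"].split(".")[0] != lost]
```

Comparing the first candidate with the output of "echo %LOGONSERVER%" on a member server shows whether the machine is still using its original logon server, and therefore its original time source, or has failed over.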