Patrick's Blog

February 3, 2010

DNS service location in Windows XP

Filed under: Uncategorized — admin @ 10:14 am

My employer has a big Active Directory infrastructure with many subsidiaries. While configuring Linux notebooks to authenticate with Kerberos (pam_krb5) against Active Directory, I was asking myself why I have to insert all our local corporate Active Directory server IPs into krb5.conf. Is there no way to just use the DNS name of the domain to locate my nearest Domain Controller? How do Windows XP clients locate a domain controller? I asked a similar question already 7 years ago, but now I am able to answer it. The Microsoft KB article did not satisfy me, so I tried to put together the most interesting information here.

Here is a strongly simplified view of how an XP client discovers a Domain Controller:

  • Step 1) Look up the SRV/A records for the given domain name to find a random Domain Controller.

    $ DOMAIN=mydomain.example.net
    $ dig -t srv _ldap._tcp.$DOMAIN +short

  • Step 2) The records of some Domain Controllers are returned. We could use these results to log in and stop here, but the client tries to discover a DC near its site.
  • Step 3) In the order of the results, the Domain Controllers are contacted with an “LDAP Ping”. This is a connection-less and anonymous LDAP search over UDP (CLDAP). In the Samba source there is a script which allows sending CLDAP datagrams to a DC (LINK)

    ./cldap.pl --domain $DOMAIN --server

  • Step 4) Active Directory keeps a map between “sites” and “subnets”. The Domain Controller compares the client IP with this map and returns the name of the client's “site” (here: SiteA).
  • Step 5) The client uses the “site” in further DNS requests to locate Domain Controllers at its site.

    $ dig -t srv _ldap._tcp.SiteA._sites._msdcs.$DOMAIN +short

  • Step 6) The DNS server responds with the Domain Controllers responsible for SiteA.
  • Step 7+8) The client uses the Domain Controllers in its site for further requests. It saves the site name in the registry key DynamicSiteName so that steps 1)-6) are skipped next time. The client can also be forced to use a certain site by setting the registry key SiteName. Beginning with Windows Vista, a client can also look up the nearest DC using the associated costs.

Why do I explain this stuff on a Linux blog? Because I would be happy to see these features more often in Linux applications (e.g. ldapsearch).

site-discovery
If there are different locations with site-local servers, the client should always use its nearest server to avoid WAN traffic.
This technique is also used in CDNs. There are also some approaches with GeoIP and DNS which could be helpful here. Some years ago I had to modify all site-local DNS servers so that the same DNS entry returned the IP of our site-local OpenVPN server, but this was more a hack than a technique.

single DNS entry = all available servers
Instead of configuring different servers in client applications (e.g. ldap1, ldap2, ldap3, …), it would be nicer (?) to control the clients with just one DNS entry.
This would also make the applications more robust, as new failover servers can easily be published via DNS.
If the first IP returned by DNS is unavailable, the client should also use the other results (just like SMTP does with MX records).
Using a DNS name instead of an IP is also not a drawback here, as there is usually more than one working DNS server in an organisation. As DNS is replicated, the same information is available on all other DNS servers, too.
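What a client following the discovery steps above (site-specific SRV name first, domain-wide fallback) and the MX-style failover wished for here could look like, as an added Python example that is not code from this post, Windows or Samba. The live DNS query is replaced by a constructed zone (ZONE) so it runs offline; resolve and try_connect are hypothetical callables a real client would back with a DNS lookup and an LDAP connect.

```python
import random
from dataclasses import dataclass
from typing import Iterable, List, Optional

@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str

# Constructed zone data mirroring steps 1 and 5 of the post (not a real domain).
DOMAIN = "mydomain.example.net"
ZONE = {
    f"_ldap._tcp.{DOMAIN}": [SRV(0, 100, 389, "dc1.mydomain.example.net"),
                             SRV(0, 100, 389, "dc2.mydomain.example.net"),
                             SRV(10, 0, 389, "dc3.mydomain.example.net")],   # dc3: backup, lowest preference
    f"_ldap._tcp.SiteA._sites._msdcs.{DOMAIN}": [SRV(0, 100, 389, "dc2.mydomain.example.net")],  # only DC in SiteA
}

def srv_name(domain: str, site: Optional[str] = None) -> str:
    """Name the client queries: site-specific (step 5) once the site is known, else domain-wide (step 1)."""
    return f"_ldap._tcp.{site}._sites._msdcs.{domain}" if site else f"_ldap._tcp.{domain}"

def order_srv(records: Iterable[SRV], rng=random) -> List[SRV]:
    """RFC 2782 ordering: lowest priority first, weighted random choice inside each priority."""
    records, ordered = list(records), []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        while bucket:
            pick = rng.randint(0, sum(r.weight for r in bucket))  # all weights 0 -> pick 0, keeps order
            acc, chosen = 0, bucket[-1]
            for r in bucket:
                acc += r.weight
                if acc >= pick:
                    chosen = r
                    break
            ordered.append(chosen)
            bucket.remove(chosen)
    return ordered

def locate_dc(domain, site, resolve, try_connect, rng=random) -> Optional[SRV]:
    """Try the site-local records first, then the domain-wide set; return the first DC that answers."""
    names = ([srv_name(domain, site)] if site else []) + [srv_name(domain)]
    for name in names:
        for rec in order_srv(resolve(name), rng):      # walk every record, not just the first (MX-style)
            if try_connect(rec.target, rec.port):
                return rec
    return None   # every published DC was unreachable; a real client would retry steps 1-6 later
```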

btw: A Microsoft consultant told me that Samba is site-aware – nice! :-)
Update: Yum also supports site-discovery and fault-tolerance.
