[Samba] How to delete a corrupt record from internal DNS

Ole Traupe ole.traupe at tu-berlin.de
Fri Jan 8 10:31:13 UTC 2016



On 04.01.2016 at 19:24, Rowland Penny wrote:
> On 04/01/16 17:23, Ole Traupe wrote:
>> No ideas on that?
>>
>> Ole
>>
>>
>>
>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>> I accidentally created a SRV record with a false port. I then 
>>> updated the port but was afraid of any consequences. So I deleted 
>>> that record again and wanted to re-create it. But now I can't: "The 
>>> record already exists."
>>>
>>> Observations:
>>>
>>>
>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>
>>>
>>> 2) I also can't delete it via samba-tool (although I could delete 
>>> its counterpart for the other DC; so the command is ok):
>>>
>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>> ERROR: Record does not exist
>>>
>>>
>>> 3) However, it can be found with dig:
>>>
>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>
>>> ;; ANSWER SECTION:
>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>>
>>> ;; Query time: 1 msec
>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>> ;; MSG SIZE  rcvd: 103
>>>
>>>
>>> So, how do I get rid of this problematic record for my DC2?
>>>
>>>
>>
>>
>
> Hi Ole, can you identify the DN of the record you want to remove?
> One way would be with ldbedit:
> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>
> and then searching for the record.
>
> Once you have the DN, you may be able to delete the entire record with 
> ldbdel:
>
> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>
>
> Rowland
>
>


Sorry, totally overlooked your posting. Thanks for the suggestion!

With "dn: " you mean this?

"DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld"

Deleting this would delete the record for the 1st_DC as well, right? The 
whole "container" (or what appears to be one in the MS DNS console).

Could also try this from there, of course. I just don't want to mess up 
even more stuff. ;)

What baffles me: the LDAP database is the basis of Samba's internal 
DNS, as well, I guess. Shouldn't I at least see some significant 
difference between the correct record for 1st_DC and the faulty one for 2nd_DC?

# record 3236
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150616170609.0Z
uSNCreated: 3532
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.gc
objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
dc: _ldap._tcp.gc
whenChanged: 20160108093106.0Z
uSNChanged: 8590
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x001e (30)
         wType                    : DNS_TYPE_SRV (33)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_NONE (0)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x00000023 (35)
         dwTtlSeconds             : 0x000000b4 (180)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x0c83234c (209920844)
         data                     : union dnsRecordData(case 33)
         srv: struct dnsp_srv
             wPriority                : 0x0000 (0)
             wWeight                  : 0x0064 (100)
             wPort                    : 0x0cc4 (3268)
             nameTarget               : dc2.my.domain.tld

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x001e (30)
         wType                    : DNS_TYPE_SRV (33)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x00000030 (48)
         dwTtlSeconds             : 0x000000b4 (180)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x0ca00cd2 (211815634)
         data                     : union dnsRecordData(case 33)
         srv: struct dnsp_srv
             wPriority                : 0x0000 (0)
             wWeight                  : 0x0064 (100)
             wPort                    : 0x0cc4 (3268)
             nameTarget               : dc1.my.domain.tld

distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld

The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try to 
adjust this "manually" with ldbedit?


Ole
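
Added example, not part of the original post and not Samba's own code: a small Python parser for the `--show-binary` text dump quoted above. It shows that the single DN carries two `dnsRecord` values (deleting the DN with ldbdel would remove both) and picks out the value whose rank is not `DNS_RANK_ZONE`. The sample is constructed from the dump above with long lines unwrapped and some fields trimmed; the function names are hypothetical.

```python
import re

# Constructed sample: trimmed copy of the dump quoted above, lines unwrapped.
DN = ("DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,"
      "DC=ForestDnsZones,DC=my,DC=domain,DC=tld")
SAMPLE = f"""\
dn: {DN}
objectClass: dnsNode
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         rank                     : DNS_RANK_NONE (0)
         srv: struct dnsp_srv
             wPort                    : 0x0cc4 (3268)
             nameTarget               : dc2.my.domain.tld

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         rank                     : DNS_RANK_ZONE (240)
         srv: struct dnsp_srv
             wPort                    : 0x0cc4 (3268)
             nameTarget               : dc1.my.domain.tld

distinguishedName: {DN}
"""

# Indented "name   : value" lines inside one decoded dnsRecord value.
FIELD = re.compile(r"^\s+(\w+)\s+: (.+?)\s*$")

def parse_dns_nodes(dump):
    """Return {dn: [record dict, ...]} from --show-binary text output."""
    nodes, dn, rec = {}, None, None
    for line in dump.splitlines():
        if line.startswith("dn: "):
            dn, rec = line[4:].strip(), None
            nodes[dn] = []
        elif line.startswith("dnsRecord:") and dn is not None:
            rec = {}                      # one value of the multi-valued attribute
            nodes[dn].append(rec)
        elif line and not line[0].isspace():
            rec = None                    # any other attribute ends the current value
        elif rec is not None:
            m = FIELD.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
    return nodes

def odd_rank_values(nodes, expected="DNS_RANK_ZONE"):
    """List (dn, target, rank) for values whose rank is not `expected`."""
    return [(dn, r.get("nameTarget"), r.get("rank"))
            for dn, recs in nodes.items() for r in recs
            if not r.get("rank", "").startswith(expected)]
```
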




