[Samba] How to delete a corrupt record from internal DNS

Rowland penny rpenny at samba.org
Fri Jan 8 10:47:47 UTC 2016


On 08/01/16 10:31, Ole Traupe wrote:
>
>
> Am 04.01.2016 um 19:24 schrieb Rowland penny:
>> On 04/01/16 17:23, Ole Traupe wrote:
>>> No ideas on that?
>>>
>>> Ole
>>>
>>>
>>>
>>> Am 18.12.2015 um 13:44 schrieb Ole Traupe:
>>>> I accidentally created a SRV record with a false port. I then 
>>>> updated the port but was afraid of any consequences. So I deleted 
>>>> that record again and wanted to re-create it. But now I can't: "The 
>>>> record already exists."
>>>>
>>>> Observations:
>>>>
>>>>
>>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>>
>>>>
>>>> 2) I also can't delete it via samba-tool (although I could delete 
>>>> its counterpart for the other DC; so the command is ok):
>>>>
>>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld 
>>>> _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>>> ERROR: Record does not exist
>>>>
>>>>
>>>> 3) However, it can be found with dig:
>>>>
>>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>
>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 
>>>> _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, 
>>>> ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>>
>>>> ;; ANSWER SECTION:
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 
>>>> dc1.my.domain.tld.
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 
>>>> dc2.my.domain.tld.
>>>>
>>>> ;; Query time: 1 msec
>>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>>> ;; MSG SIZE  rcvd: 103
>>>>
>>>>
>>>> So, how do I get rid of this problematic record for my DC2?
>>>>
>>>>
>>>
>>>
>>
>> Hi Ole, can you identify the DN of the record you want to remove?
>> One way would be with ldbedit:
>> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>>
>> and then searching for the record.
>>
>> Once you have the DN, you may be able to delete the entire record 
>> with ldbdel:
>>
>> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN 
>> (without the 'dn: ')>
>>
>> Rowland
>>
>>
>
>
> Sorry, totally overlooked your posting. Thanks for the suggestion!
>
> with "dn: " you mean this?
>
> "DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld" 
>
>
> Deleting this would delete the record for the 1st_DC as well, right? 
> The whole "container" (or what appears to be one in the MS DNS console).
>
> Could also try this from there, of course. I only don't want to mess 
> up even more stuff. ;)
>
> What baffles me: the LDAP data base is the basis of Samba's internal 
> DNS, as well, I guess. Shouldn't I at least see some significant 
> difference between the correct record for 1st_DC and the faulty for 
> 2nd_DC?
>
> # record 3236
> dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150616170609.0Z
> uSNCreated: 3532
> showInAdvancedViewOnly: TRUE
> name: _ldap._tcp.gc
> objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
> dc: _ldap._tcp.gc
> whenChanged: 20160108093106.0Z
> uSNChanged: 8590
> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>         wDataLength              : 0x001e (30)
>         wType                    : DNS_TYPE_SRV (33)
>         version                  : 0x05 (5)
>         rank                     : DNS_RANK_NONE (0)
>         flags                    : 0x0000 (0)
>         dwSerial                 : 0x00000023 (35)
>         dwTtlSeconds             : 0x000000b4 (180)
>         dwReserved               : 0x00000000 (0)
>         dwTimeStamp              : 0x0c83234c (209920844)
>         data                     : union dnsRecordData(case 33)
>         srv: struct dnsp_srv
>             wPriority                : 0x0000 (0)
>             wWeight                  : 0x0064 (100)
>             wPort                    : 0x0cc4 (3268)
>             nameTarget               : dc2.my.domain.tld
>
> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>         wDataLength              : 0x001e (30)
>         wType                    : DNS_TYPE_SRV (33)
>         version                  : 0x05 (5)
>         rank                     : DNS_RANK_ZONE (240)
>         flags                    : 0x0000 (0)
>         dwSerial                 : 0x00000030 (48)
>         dwTtlSeconds             : 0x000000b4 (180)
>         dwReserved               : 0x00000000 (0)
>         dwTimeStamp              : 0x0ca00cd2 (211815634)
>         data                     : union dnsRecordData(case 33)
>         srv: struct dnsp_srv
>             wPriority                : 0x0000 (0)
>             wWeight                  : 0x0064 (100)
>             wPort                    : 0x0cc4 (3268)
>             nameTarget               : dc1.my.domain.tld
>
> distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>
> The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try 
> to adjust this "manually" with ldbedit?
>
>
> Ole
>
>
>

Don't think so; it was trying to change something with ldbedit that 
corrupted my AD object, leaving me having to delete the entire record 
and recreate it.
Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE".

Rowland
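Added example, not part of the thread and not Samba's own code: the thread's
open question is how to get rid of the rank-0 dc2 value without `ldbdel`-ing
the whole dnsNode, which would take the good dc1 value with it (every
dnsRecord value hangs off that one DN). An LDAP modify with `delete:
dnsRecord` and the exact binary value removes just that one value. The
script below reads the base64 values that
`ldbsearch -H /path/to/private/sam.ldb --cross-ncs -s base -b "<dnsNode DN>" dnsRecord`
prints as `dnsRecord::`, decodes the fixed header and SRV fields (layout per
Samba's dnsp.idl as the author reads it: 24-byte header, little-endian
except the big-endian TTL, then priority/weight/port and a label-encoded
target), picks the SRV value for the given target whose rank is
DNS_RANK_NONE, and emits the LDIF to delete it. The two sample values are
constructed here from the numbers in the dump above, not taken from a real
sam.ldb; the DN is the one Ole posted.

```python
import base64
import struct

DNS_TYPE_SRV = 33
DNS_RANK_NONE = 0      # what the dump shows on the value samba-tool cannot delete
DNS_RANK_ZONE = 240    # normal rank for a record authored in this zone

# Fixed header of dnsp_DnssrvRpcRecord, offsets 0..23:
#   wDataLength, wType, version, rank, flags, dwSerial   little-endian
#   dwTtlSeconds                                         big-endian
#   dwReserved, dwTimeStamp                              little-endian
HEADER_LE = struct.Struct("<HHBBHI")
TTL_BE = struct.Struct(">I")
TAIL_LE = struct.Struct("<II")
SRV_LE = struct.Struct("<HHH")   # wPriority, wWeight, wPort (data starts at offset 24)


def encode_dnsp_name(name):
    """Label-encode a name: total length, label count, [len][label]..., 0 terminator."""
    labels = name.rstrip(".").split(".")
    body = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    # Length byte = label bytes plus terminator (author's reading of Samba's
    # encoder; parse_dnsp_name below does not rely on it). Constructed-input only.
    return bytes([len(body) + 1, len(labels)]) + body + b"\x00"


def parse_dnsp_name(blob, off):
    """Decode a label-encoded name starting at blob[off] (len byte, count byte, labels, 0)."""
    count = blob[off + 1]
    pos = off + 2
    labels = []
    for _ in range(count):
        n = blob[pos]
        pos += 1
        labels.append(blob[pos:pos + n].decode("ascii"))
        pos += n
    if blob[pos] != 0:
        raise ValueError("dnsp_name is not zero-terminated")
    return ".".join(labels)


def build_srv_record(rank, serial, ttl, timestamp, priority, weight, port, target):
    """Build one SRV dnsRecord value; used here only to construct sample input."""
    data = SRV_LE.pack(priority, weight, port) + encode_dnsp_name(target)
    return (HEADER_LE.pack(len(data), DNS_TYPE_SRV, 5, rank, 0, serial)
            + TTL_BE.pack(ttl) + TAIL_LE.pack(0, timestamp) + data)


def parse_record(blob):
    """Decode the fixed header of a dnsRecord value, plus the SRV payload if it is one."""
    if len(blob) < 24:
        raise ValueError("dnsRecord value shorter than its fixed header")
    data_len, rtype, version, rank, flags, serial = HEADER_LE.unpack_from(blob, 0)
    (ttl,) = TTL_BE.unpack_from(blob, 12)
    _reserved, timestamp = TAIL_LE.unpack_from(blob, 16)
    if len(blob) != 24 + data_len:
        raise ValueError("wDataLength %d does not match %d data bytes" % (data_len, len(blob) - 24))
    rec = {"type": rtype, "version": version, "rank": rank, "flags": flags,
           "serial": serial, "ttl": ttl, "timestamp": timestamp}
    if rtype == DNS_TYPE_SRV:
        rec["priority"], rec["weight"], rec["port"] = SRV_LE.unpack_from(blob, 24)
        rec["target"] = parse_dnsp_name(blob, 30)
    return rec


def parse_values(b64_values):
    """Decode every 'dnsRecord::' value from an ldbsearch dump, keeping the original base64."""
    return [(b64, parse_record(base64.b64decode(b64))) for b64 in b64_values]


def find_rank_none_srv(b64_values, target):
    """Base64 values that are SRV records for `target` carrying rank DNS_RANK_NONE."""
    return [b64 for b64, rec in parse_values(b64_values)
            if rec["type"] == DNS_TYPE_SRV and rec["rank"] == DNS_RANK_NONE
            and rec.get("target", "").lower() == target.lower()]


def delete_value_ldif(dn, b64_value):
    """LDIF removing exactly this one dnsRecord value; the node's other values stay."""
    return "dn: %s\nchangetype: modify\ndelete: dnsRecord\ndnsRecord:: %s\n-\n" % (dn, b64_value)


NODE_DN = ("DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,"
           "DC=ForestDnsZones,DC=my,DC=domain,DC=tld")

# Constructed sample input: the two values from the dump in the thread, re-encoded here.
SAMPLE_VALUES = [
    base64.b64encode(build_srv_record(DNS_RANK_NONE, 35, 180, 209920844,
                                      0, 100, 3268, "dc2.my.domain.tld")).decode(),
    base64.b64encode(build_srv_record(DNS_RANK_ZONE, 48, 180, 211815634,
                                      0, 100, 3268, "dc1.my.domain.tld")).decode(),
]

if __name__ == "__main__":
    for b64, rec in parse_values(SAMPLE_VALUES):
        print(rec)
    for b64 in find_rank_none_srv(SAMPLE_VALUES, "dc2.my.domain.tld"):
        print(delete_value_ldif(NODE_DN, b64))
```

Feed the printed LDIF to `ldbmodify -H /path/to/private/sam.ldb` after backing up
sam.ldb; because the delete names the exact bytes, ldb refuses it (no such
attribute value) rather than touching a different value if the base64 does
not match, and dc1's value is never part of the operation.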



