[Samba] How to delete a corrupt record from internal DNS
Ole Traupe
ole.traupe at tu-berlin.de
Fri Jan 8 11:03:08 UTC 2016
On 08.01.2016 at 11:47, Rowland penny wrote:
> On 08/01/16 10:31, Ole Traupe wrote:
>>
>>
>> On 04.01.2016 at 19:24, Rowland penny wrote:
>>> On 04/01/16 17:23, Ole Traupe wrote:
>>>> No ideas on that?
>>>>
>>>> Ole
>>>>
>>>>
>>>>
>>>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>>>> I accidentally created a SRV record with a false port. I then
>>>>> updated the port but was afraid of any consequences. So I deleted
>>>>> that record again and wanted to re-create it. But now I can't:
>>>>> "The record already exists."
>>>>>
>>>>> Observations:
>>>>>
>>>>>
>>>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>>>
>>>>>
>>>>> 2) I also can't delete it via samba-tool (although I could delete
>>>>> its counterpart for the other DC; so the command is ok):
>>>>>
>>>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld
>>>>> _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>>>> ERROR: Record does not exist
>>>>>
>>>>>
>>>>> 3) However, it can be found with dig:
>>>>>
>>>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>>
>>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1
>>>>> _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>> ; (1 server found)
>>>>> ;; global options: +cmd
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0,
>>>>> ADDITIONAL: 0
>>>>>
>>>>> ;; QUESTION SECTION:
>>>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>>>
>>>>> ;; ANSWER SECTION:
>>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
>>>>> dc1.my.domain.tld.
>>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
>>>>> dc2.my.domain.tld.
>>>>>
>>>>> ;; Query time: 1 msec
>>>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>>>> ;; MSG SIZE rcvd: 103
>>>>>
>>>>>
>>>>> So, how do I get rid of this problematic record for my DC2?
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> Hi Ole, can you identify the DN of the record you want to remove?
>>> One way would be with ldbedit:
>>> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>>>
>>> and then searching for the record.
>>>
>>> Once you have the DN, you may be able to delete the entire record
>>> with ldbdel:
>>>
>>> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN
>>> (without the 'dn: ')>
>>>
>>> Rowland
>>>
>>>
>>
>>
>> Sorry, totally overlooked your posting. Thanks for the suggestion!
>>
>> With "dn: " you mean this?
>>
>> "DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld"
>>
>>
>> Deleting this would delete the record for the 1st_DC as well, right?
>> The whole "container" (or what appears to be one in the MS DNS console).
>>
>> Could also try this from there, of course. I only don't want to mess
>> up even more stuff. ;)
>>
>> What baffles me: the LDAP database is the basis of Samba's internal
>> DNS as well, I guess. Shouldn't I at least see some significant
>> difference between the correct record for 1st_DC and the faulty one for
>> 2nd_DC?
>>
>> # record 3236
>> dn:
>> DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>> objectClass: top
>> objectClass: dnsNode
>> instanceType: 4
>> whenCreated: 20150616170609.0Z
>> uSNCreated: 3532
>> showInAdvancedViewOnly: TRUE
>> name: _ldap._tcp.gc
>> objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
>> objectCategory:
>> CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
>> dc: _ldap._tcp.gc
>> whenChanged: 20160108093106.0Z
>> uSNChanged: 8590
>> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>> wDataLength : 0x001e (30)
>> wType : DNS_TYPE_SRV (33)
>> version : 0x05 (5)
>> rank : DNS_RANK_NONE (0)
>> flags : 0x0000 (0)
>> dwSerial : 0x00000023 (35)
>> dwTtlSeconds : 0x000000b4 (180)
>> dwReserved : 0x00000000 (0)
>> dwTimeStamp : 0x0c83234c (209920844)
>> data : union dnsRecordData(case 33)
>> srv: struct dnsp_srv
>> wPriority : 0x0000 (0)
>> wWeight : 0x0064 (100)
>> wPort : 0x0cc4 (3268)
>> nameTarget : dc2.my.domain.tld
>>
>> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>> wDataLength : 0x001e (30)
>> wType : DNS_TYPE_SRV (33)
>> version : 0x05 (5)
>> rank : DNS_RANK_ZONE (240)
>> flags : 0x0000 (0)
>> dwSerial : 0x00000030 (48)
>> dwTtlSeconds : 0x000000b4 (180)
>> dwReserved : 0x00000000 (0)
>> dwTimeStamp : 0x0ca00cd2 (211815634)
>> data : union dnsRecordData(case 33)
>> srv: struct dnsp_srv
>> wPriority : 0x0000 (0)
>> wWeight : 0x0064 (100)
>> wPort : 0x0cc4 (3268)
>> nameTarget : dc1.my.domain.tld
>>
>> distinguishedName:
>> DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>>
>> The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try
>> to adjust this "manually" with ldbedit?
>>
>>
>> Ole
>>
>>
>>
>
> Don't think so, it was trying to change something with ldbedit that
> corrupted my AD object, leading me to having to delete the entire
> record and recreate it.
> Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE"
>
> Rowland
>
>
If you say it is safe to delete (and recreate) the entire container
including the record for the 1st_DC... then I will just do that. From an
earlier post (to me directly) I take it you did it without any hassle.
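As an added illustration (not code from the thread or from Samba), a small Python parser for the ldbedit --show-binary text quoted above: it groups the dnsRecord NDR dumps per dnsNode, flags records whose rank is DNS_RANK_NONE (the one field that set the stale dc2 entry apart), and lists what else in that node an ldbdel of the DN would remove along with it. The sample dump is constructed from the records quoted in the thread, with the NDR fields indented as ldbedit prints them.

```python
import re

# Constructed sample: the dnsNode from the thread's ldbedit --show-binary dump,
# NDR fields indented as ldbedit prints them, trimmed to what this parser reads.
SAMPLE_DUMP = """\
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType                    : DNS_TYPE_SRV (33)
    rank                     : DNS_RANK_NONE (0)
    wPort                    : 0x0cc4 (3268)
    nameTarget               : dc2.my.domain.tld
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType                    : DNS_TYPE_SRV (33)
    rank                     : DNS_RANK_ZONE (240)
    wPort                    : 0x0cc4 (3268)
    nameTarget               : dc1.my.domain.tld
distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
"""

NDR_FIELD = re.compile(r"^\s+(\w+)\s*:\s*(.*?)\s*$")

def parse_dns_nodes(dump):
    """Map each dn to its dnsRecord values, each a dict of NDR field -> text."""
    nodes, dn, rec = {}, None, None
    for line in dump.splitlines():
        if line.startswith("dn:"):
            dn, rec = line[3:].strip(), None
            nodes[dn] = []
        elif line.startswith("dnsRecord:"):
            rec = {}
            nodes[dn].append(rec)
        elif line[:1].isspace() and rec is not None:
            m = NDR_FIELD.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        else:
            rec = None  # any other top-level attribute ends the current struct
    return nodes

def symbol(rec, key):
    return rec.get(key, "").split(" ")[0]  # 'DNS_RANK_NONE (0)' -> 'DNS_RANK_NONE'

def find_rank_none(nodes):
    """Records with DNS_RANK_NONE, the one field that set the stale dc2 entry apart."""
    return [(dn, symbol(r, "wType"), r.get("nameTarget"))
            for dn, recs in nodes.items() for r in recs if symbol(r, "rank") == "DNS_RANK_NONE"]

def collateral(nodes, dn, target):
    """Targets of the other records in the node: what ldbdel of this dn also removes."""
    return [r.get("nameTarget") for r in nodes.get(dn, []) if r.get("nameTarget") != target]
```

Run it over the full ldbedit output of a zone to see every node that carries a DNS_RANK_NONE record and, before any ldbdel, which healthy records share that node.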