[Samba] Cannot remove old NS record

Rowland penny rpenny at samba.org
Sun Dec 22 19:07:20 UTC 2019


On 22/12/2019 18:20, Paul R. Ganci via samba wrote:
> Hi All,
>
> A while ago I replaced a Samba AD on old hardware with another AD on 
> newer hardware. Everything went smoothly including the demotion of the 
> old AD. However after I did some cleanup of DNS records and turned off 
> the old hardware I noticed that there still was a NS record associated 
> with the old AD. So I went to the wiki page 
> https://wiki.samba.org/index.php/DNS_Administration and followed the 
> instructions on how to remove an old NS record:
>
> # samba-tool dns delete <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com @ NS
>
> So I followed the instructions. Here is the sequence of commands that 
> demonstrates the problem (some of the command responses were redacted 
> to remove unnecessary lines):
>
> > dig nikita.myhome.nurdog.com
>
> ;; ANSWER SECTION:
> nikita.myhome.nurdog.com. 900    IN    A    192.168.1.11
>
> ;; AUTHORITY SECTION:
> myhome.nurdog.com.    900    IN    NS nureyev.myhome.nurdog.com. <- Old NS
> myhome.nurdog.com.    900    IN    NS    nikita.myhome.nurdog.com.
>
> > samba-tool dns delete nureyev.myhome.nurdog.com myhome.nurdog.com @ NS nikita.myhome.nurdog.com
> Record deleted successfully
>
> > dig nikita.myhome.nurdog.com
>
> ;; ANSWER SECTION:
> nikita.myhome.nurdog.com. 900    IN    A    192.168.1.11
>
> ;; AUTHORITY SECTION:
> myhome.nurdog.com.    900    IN    NS    nikita.myhome.nurdog.com.
> myhome.nurdog.com.    900    IN    NS nureyev.myhome.nurdog.com.
>
> ;; ADDITIONAL SECTION:
> nureyev.myhome.nurdog.com. 900    IN    A    192.168.1.8
>
> If I try to remove the NS again using the same samba-tool command I 
> receive a Python error indicating 9701, 
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST'. So why can I not get rid of 
> the NS nikita.myhome.nurdog.com? That hardware that used to run the AD 
> is physically gone. But for some reason it seems that Samba still 
> thinks nikita.myhome.nurdog.com is a NS for the domain. I would love 
> to clean this up. It seems to me that DNS is trying to use nikita 
> first and then nureyev but nikita shouldn't be there at all. I am 
> running the Sernet Samba packages 4-11.4-9 on a CentOS Linux release 
> 7.7.1908 with bind-9.11.4-9.
>
> Are there any suggestions to fix the problem?
>
Cached record somewhere?

You seem to have done everything correctly.

Rowland
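
An added example, not part of either message and not Samba project code: a shell function that reads dig output and lists the NS targets for a zone that are not on an expected list, one way to confirm whether a stale name server is still being served after a delete. The sample input is constructed from the second dig answer quoted above; the function names are hypothetical, and treating nikita as the only expected name server is an assumption based on the "Old NS" annotation in the first dig output.

```shell
#!/bin/sh
# Added example (not from the thread): flag NS records in dig output
# that point at hosts missing from an expected name-server list.

# Constructed sample: the second dig answer quoted in the post.
sample_dig_output() {
cat <<'EOF'
;; ANSWER SECTION:
nikita.myhome.nurdog.com. 900    IN    A    192.168.1.11

;; AUTHORITY SECTION:
myhome.nurdog.com.    900    IN    NS    nikita.myhome.nurdog.com.
myhome.nurdog.com.    900    IN    NS nureyev.myhome.nurdog.com.

;; ADDITIONAL SECTION:
nureyev.myhome.nurdog.com. 900    IN    A    192.168.1.8
EOF
}

# unexpected_ns ZONE EXPECTED_NS...
# Reads dig output on stdin and prints "<target> ttl=<ttl>" for every
# NS record owned by ZONE whose target is not in EXPECTED_NS.
# Names are compared case-insensitively, ignoring the trailing dot.
unexpected_ns() {
    zone=$1; shift
    awk -v zone="$zone" -v expected="$*" '
        BEGIN {
            n = split(tolower(expected), e, " ")
            for (i = 1; i <= n; i++) { sub(/\.$/, "", e[i]); ok[e[i]] = 1 }
            zone = tolower(zone); sub(/\.$/, "", zone)
        }
        /^;/ || NF < 5 { next }      # skip section headers and short lines
        {
            owner = tolower($1);  sub(/\.$/, "", owner)
            target = tolower($5); sub(/\.$/, "", target)
            if (owner == zone && $3 == "IN" && $4 == "NS" && !(target in ok))
                print target, "ttl=" $2
        }
    '
}

# Against a live server, pipe an authoritative, non-recursive query in:
#   dig +norecurse @<dns-server> myhome.nurdog.com NS | unexpected_ns ...
# Assumption: nikita is the only name server expected for the zone.
sample_dig_output | unexpected_ns myhome.nurdog.com nikita.myhome.nurdog.com
```

Running the check directly against each DNS server, rather than through a resolver, separates what the zone itself still holds from what a cache is replaying.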




