[Samba] Duplicate PDC SRV records in DNS and can't delete the wrong one with samba-tool

Norbert Hanke norbert.hanke at gmx.ch
Mon Mar 13 22:16:27 UTC 2023


Thank you very much Rowland!

Indeed, I overlooked the "_ldap"; with that it worked.

Regards,
Norbert

On 13.03.2023 22:31, Rowland Penny via samba wrote:
>
>
> On 13/03/2023 20:58, Norbert Hanke via samba wrote:
>> Hi,
>>
>> I transferred FSMO roles from my DC2 to my DC1, and that looks ok from
>> samba-tool point of view:
>>
>> # samba-tool fsmo show
>> ldb_wrap open of secrets.ldb
>> SchemaMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> InfrastructureMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> RidAllocationMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> PdcEmulationMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> DomainNamingMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> DomainDnsZonesMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>> ForestDnsZonesMasterRole owner: CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld
>>
>>
>>
>> But in DNS I now have 2 SRV entries for the PDC role:
>>
>> # host -t SRV _ldap._tcp.pdc._msdcs.ad.mydomain.tld dc1.ad.mydomain.tld
>> Using domain server:
>> Name: dc1.ad.mydomain.tld
>> Address: 10.88.1.8#53
>> Aliases:
>>
>> _ldap._tcp.pdc._msdcs.ad.mydomain.tld has SRV record 0 100 389
>> dc2.ad.mydomain.tld.
>> _ldap._tcp.pdc._msdcs.ad.mydomain.tld has SRV record 0 100 389
>> dc1.ad.mydomain.tld.
>>
>>
>> samba-tool also sees 2 records:
>>
>> # samba-tool dns query dc1.ad.mydomain.tld _msdcs.ad.mydomain.tld
>> _tcp.pdc SRV
>> Using binding ncacn_ip_tcp:dc1.ad.mydomain.tld[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> dc1.ad.mydomain.tld<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> dc1.ad.mydomain.tld<0x20>
>>    Name=, Records=0, Children=0
>>    Name=_ldap, Records=2, Children=0
>>      SRV: dc2.ad.mydomain.tld. (389, 0, 100) (flags=f0, serial=458,
>> ttl=900)
>>      SRV: dc1.ad.mydomain.tld. (389, 0, 100) (flags=f0, serial=458,
>> ttl=900)
>>
>>
>> That is wrong: the record with dc2 should not exist, and I would expect
>> it to be deleted and the one with dc1 to be created while transferring the
>> FSMO role.
>
> You can expect as much as you like, but there is no code to remove
> the dns record. ;-)
>
>>
>> I tried to manually delete the wrong record but that does not work:
>>
>> # samba-tool dns delete dc1.ad.mydomain.tld _msdcs.ad.mydomain.tld
>> _tcp.pdc SRV 'dc2.ad.mydomain.tld 389 0 100'
>
> Wrong name, it is _ldap._tcp.pdc
>
>> Using binding ncacn_ip_tcp:dc1.ad.mydomain.tld[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> dc1.ad.mydomain.tld<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> dc1.ad.mydomain.tld<0x20>
>> ERROR: Record does not exist; record could not be deleted.
>> zone[_msdcs.ad.mydomain.tld] name[_tcp.pdc]
>>    File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 1223,
>> in run
>> dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
>>
>> Is this a bug, or am I doing something wrong? Any help is appreciated.
>
> Yes, it's a bug (a known bug). No, you are not doing anything wrong
> (other than using the wrong name when trying to delete the incorrect
> record).
>
> Rowland
>
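The fix in this thread is the record name: under the `_msdcs.<domain>` zone the PDC SRV record lives at the relative name `_ldap._tcp.pdc`, not `_tcp.pdc`, and Samba leaves the old FSMO holder's record in place after a transfer. The script below is an added example, not code from the samba project or from anyone in the thread. It derives the current PDC emulator from `samba-tool fsmo show` output, picks out every SRV record under `_ldap` that still points at another DC, and prints the `samba-tool dns delete` command with the correct name and the `target port priority weight` data string. The host names, the domain and both sample outputs are constructed to mirror the thread (each record on one line, as samba-tool prints it); the script is a dry run and never calls samba-tool itself, so it can be run anywhere.

```shell
#!/bin/sh
# Added example (not samba project code): find PDC SRV records that still
# point at the previous FSMO holder and print the delete commands for them.
# Domain, DC names and the sample outputs below are constructed assumptions.

# Print the lower-cased DC name that holds the PDC emulator role, taken from
# the "PdcEmulationMasterRole owner:" line of `samba-tool fsmo show` on stdin.
pdc_from_fsmo() {
    sed -n 's/^PdcEmulationMasterRole owner: CN=NTDS Settings,CN=\([^,]*\),.*$/\1/p' \
        | tr '[:upper:]' '[:lower:]'
}

# Read `samba-tool dns query <server> _msdcs.<domain> _tcp.pdc SRV` output on
# stdin and print "target port priority weight" for each SRV record under the
# _ldap child whose target is not the current PDC ($1, FQDN). samba-tool shows
# SRV data as "target (port, priority, weight)", which is also the order that
# `samba-tool dns delete ... SRV` expects in its data argument.
stale_pdc_srv() {
    awk -v pdc="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*Name=/ { inldap = ($0 ~ /Name=_ldap,/) }
        inldap && /^[ \t]*SRV:/ {
            target = tolower($2); sub(/\.$/, "", target)
            port = $3; prio = $4; weight = $5
            gsub(/[(),]/, "", port); gsub(/[(),]/, "", prio); gsub(/[(),]/, "", weight)
            if (target != pdc) print target, port, prio, weight
        }'
}

# Build the delete command for one stale record: $1 = DNS server to talk to,
# $2 = AD domain, $3 = one "target port priority weight" line.
delete_cmd() {
    printf "samba-tool dns delete %s _msdcs.%s _ldap._tcp.pdc SRV '%s'\n" "$1" "$2" "$3"
}

# --- Constructed sample data, one record per line as samba-tool prints it ---
FSMO_SAMPLE='PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=tld'
QUERY_SAMPLE='  Name=, Records=0, Children=0
  Name=_ldap, Records=2, Children=0
    SRV: dc2.ad.mydomain.tld. (389, 0, 100) (flags=f0, serial=458, ttl=900)
    SRV: dc1.ad.mydomain.tld. (389, 0, 100) (flags=f0, serial=458, ttl=900)'

# Dry run over the samples: prints one delete command, for the dc2 record.
# With real data, replace the two samples by the live samba-tool output.
main() {
    domain=ad.mydomain.tld
    pdc="$(printf '%s\n' "$FSMO_SAMPLE" | pdc_from_fsmo).$domain"
    printf '%s\n' "$QUERY_SAMPLE" | stale_pdc_srv "$pdc" | while read -r rec; do
        delete_cmd "dc1.$domain" "$domain" "$rec"
    done
}

main
```

Review the printed commands before running them: the only record that should remain is the one naming the DC that `samba-tool fsmo show` reports as PdcEmulationMasterRole owner, and `host -t SRV _ldap._tcp.pdc._msdcs.<domain>` against each DC should afterwards return exactly that one entry.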