duplicate dns zones 4.0.9 and samba-master

Amitay Isaacs amitay at gmail.com
Tue Oct 8 20:22:12 MDT 2013


On Wed, Oct 9, 2013 at 2:27 AM, Taylor, Jonn <jonnt at taylortelephone.com> wrote:

>  On 10/08/2013 02:15 AM, Amitay Isaacs wrote:
>
>
> On Thu, Oct 3, 2013 at 11:47 PM, Taylor, Jonn <jonnt at taylortelephone.com> wrote:
>
>>   On 10/02/2013 08:02 PM, Amitay Isaacs wrote:
>>
>>
>>  Hi John,
>>
>> On Thu, Oct 3, 2013 at 2:54 AM, Taylor, Jonn <jonnt at taylortelephone.com> wrote:
>>
>>>  Looks like it is working. Thank you! Now we just need to have Andrew
>>> fix the database stuff when he has time.
>>>
>>> Oct  2 11:48:44 dc0 named[29090]: starting BIND
>>> 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 -u named
>>> Oct  2 11:48:44 dc0 named[29090]: built with
>>> '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
>>> '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
>>> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
>>> '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
>>> '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
>>> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
>>> '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var'
>>> '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static'
>>> '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>>> '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>> '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego'
>>> '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>> '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
>>> 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu'
>>> 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
>>> -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>>> -DDIG_SIGCHASE'
>>> Oct  2 11:48:44 dc0 named[29090]:
>>> ----------------------------------------------------
>>> Oct  2 11:48:44 dc0 named[29090]: BIND 9 is maintained by Internet
>>> Systems Consortium,
>>> Oct  2 11:48:44 dc0 named[29090]: Inc. (ISC), a non-profit 501(c)(3)
>>> public-benefit
>>> Oct  2 11:48:44 dc0 named[29090]: corporation.  Support and training for
>>> BIND 9 are
>>> Oct  2 11:48:44 dc0 named[29090]: available at
>>> https://www.isc.org/support
>>> Oct  2 11:48:44 dc0 named[29090]:
>>> ----------------------------------------------------
>>> Oct  2 11:48:44 dc0 named[29090]: adjusted limit on open files from 4096
>>> to 1048576
>>> Oct  2 11:48:44 dc0 named[29090]: found 1 CPU, using 1 worker thread
>>> Oct  2 11:48:44 dc0 named[29090]: using up to 4096 sockets
>>> Oct  2 11:48:44 dc0 named[29090]: loading configuration from
>>> '/etc/named.conf'
>>> Oct  2 11:48:44 dc0 named[29090]: reading built-in trusted keys from
>>> file '/etc/named.iscdlv.key'
>>> Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv4 port range:
>>> [1024, 65535]
>>> Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv6 port range:
>>> [1024, 65535]
>>> Oct  2 11:48:44 dc0 named[29090]: listening on IPv6 interface lo, ::1#53
>>> Oct  2 11:48:44 dc0 named[29090]: generating session key for dynamic DNS
>>> Oct  2 11:48:44 dc0 named[29090]: sizing zone task pool based on 1 zones
>>> Oct  2 11:48:44 dc0 named[29090]: Loading 'AD DNS Zone' using driver
>>> dlopen
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: started for DN
>>> DC=taylortelephone,DC=com
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: starting configure
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> 'example.lan'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> '198.89.70.in-addr.arpa'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> '173.168.192.in-addr.arpa'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> '183.168.192.in-addr.arpa'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> '170.168.192.in-addr.arpa'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> 'taylortelephone.com'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> 'taylordatacom.com'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone
>>> '_msdcs.taylortelephone.com'
>>> Oct  2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring duplicate zone
>>> 'taylortelephone.com' from
>>> 'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com'
>>> Oct  2 11:48:45 dc0 named[29090]: using built-in DLV key for view
>>> _default
>>>
>>
>>  This is a bit surprising. I was expecting to see the duplicate zone in
>> the system partition
>>
>>    CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com
>>
>>  and not really in the ForestDnsZones partition.  I am wondering how
>> you ended up with a duplicate primary DNS zone in the forest DNS partition.
>> Usually the primary domain zone is in the DomainDnsZones partition and the
>> _msdcs.<domain> zone is in the ForestDnsZones partition.  You might want to
>> delete this duplicate zone from the ForestDnsZones partition.
>>
>>
>>  Amitay.
>>
>>  I tried to delete it but when one gets deleted the other one does too.
>> Andrew said it is hard coded that way in s4. This used to be a 2003 domain
>> that I upgraded to 2008r2. It only shows up that way on an s4 server. My
>> win2k8r2 that is going away shows only 1 in the dns snap-in.
>>
>
>  How did you try to delete this zone?  Using samba-tool dns zonedelete or
> using ldbdel?  If you tried to delete using "samba-tool dns zonedelete" it
> would remove only one of the zones from DomainDnsZones partition and not
> from ForestDnsZones partition.  The correct way would be to delete using
> ldbdel.
>
>     ldbdel -H /path/to/sam/database DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>
>
>>
>> I have had a bug open on this for a year now.
>> https://bugzilla.samba.org/show_bug.cgi?id=9210
>>
>
>  I haven't been getting enough time to work on DNS stuff.
>
>  Amitay.
>
> That did not work.
>
> [root@dc0 ~]# ldbdel -H /usr/local/samba/private/dns/sam.ldb DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> delete of 'DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com' failed - (Not allowed on non-leaf) subtree_delete: Unable to delete a non-leaf node (it has 7 children)!
> [root@dc0 ~]#
>
> Jonn
>
>
ldbdel -r   (recursive delete)

Use with caution!

Amitay.
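
A cautious way to run the recursive delete mentioned above, as an added example that is not part of the original message: it exports the subtree with `ldbsearch` for review, then calls `ldbdel -r` only when the entry count matches the number the operator expected. The function names `zone_dn`, `export_subtree` and `delete_zone_subtree` are hypothetical; the database path, DN, LDIF file and expected count are supplied by the caller.

```shell
# Added example: review and save a subtree before a recursive ldbdel.
# zone_dn, export_subtree and delete_zone_subtree are hypothetical helpers.

# Build a zone container DN in the form used in this thread.
# $1 = zone name, $2 = partition (e.g. ForestDnsZones), $3 = domain DN
zone_dn() {
    printf 'DC=%s,CN=MicrosoftDNS,DC=%s,%s\n' "$1" "$2" "$3"
}

# Write every entry at and below base DN $2 to LDIF file $3, then print
# how many entries were found. grep exits non-zero when nothing matches,
# so an empty subtree is reported as a failure.
# $1 = sam.ldb path, $2 = base DN, $3 = output LDIF file
export_subtree() {
    ldbsearch -H "$1" -b "$2" -s sub '(objectClass=*)' > "$3" || return 1
    grep -c -E '^dn::? ' "$3"
}

# Export first, then delete recursively only when the number of entries
# found equals the number the operator reviewed and expects to lose.
# $1 = sam.ldb path, $2 = base DN, $3 = LDIF file, $4 = expected entry count
delete_zone_subtree() {
    count=$(export_subtree "$1" "$2" "$3") || return 1
    if [ "$count" -ne "$4" ]; then
        echo "refusing: found $count entries under $2, expected $4" >&2
        return 2
    fi
    ldbdel -H "$1" -r "$2"
}
```

Run `export_subtree` on its own first and read the LDIF it writes; the count it prints is the value to pass to `delete_zone_subtree`.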

