DNS server no in sync with database?

Andrew Bartlett abartlet at samba.org
Sat Feb 28 13:07:09 MST 2015 

On Thu, 2015-02-26 at 17:15 +1100, Amitay Isaacs wrote:
> Hi Andrew,
> 
> On Thu, Feb 26, 2015 at 4:06 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > Kai,
> >
> > Can you help me understand what is going on with the internal DNS server
> > here?
> >
> > I get different results between ldbsearch and a DNS lookup:
> >
> > ubuntu at ad-dc-1:~/samba$ host gc._msdcs.samba.example.com 127.0.0.1
> > Using domain server:
> > Name: 127.0.0.1
> > Address: 127.0.0.1#53
> > Aliases:
> >
> > gc._msdcs.samba.example.com has address 10.0.2.6
> > gc._msdcs.samba.example.com has address 10.0.2.4
> >
> > While this is what I get when looking via ldbsearch:
> >
> > ubuntu at ad-dc-1:~/samba$ sudo bin/ldbsearch
> > -H /var/lib/samba/private/sam.ldb -b
> > DC=gc._msdcs,DC=samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba,DC=example,DC=com
> > -s base --show-binary
> > sudo: unable to resolve host ad-dc-1
> > # record 1
> > dn:
> > DC=gc._msdcs,DC=samba.example.com
> > ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba,DC=example,DC=com
> > objectClass: top
> > objectClass: dnsNode
> > instanceType: 4
> > whenCreated: 20150226045441.0Z
> > whenChanged: 20150226045441.0Z
> > uSNCreated: 3719
> > showInAdvancedViewOnly: TRUE
> > name: gc._msdcs
> > objectGUID: a5218b75-7946-42e1-9b89-f087e37f8e04
> > objectCategory:
> > CN=Dns-Node,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com
> > dc: gc._msdcs
> > dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
> >         wDataLength              : 0x0004 (4)
> >         wType                    : DNS_TYPE_A (1)
> >         version                  : 0x05 (5)
> >         rank                     : DNS_RANK_ZONE (240)
> >         flags                    : 0x0000 (0)
> >         dwSerial                 : 0x00000004 (4)
> >         dwTtlSeconds             : 0x00000384 (900)
> >         dwReserved               : 0x00000000 (0)
> >         dwTimeStamp              : 0x00376534 (3630388)
> >         data                     : union dnsRecordData(case 1)
> >         ipv4                     : 10.0.2.4
> >
> > dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
> >         wDataLength              : 0x0004 (4)
> >         wType                    : DNS_TYPE_A (1)
> >         version                  : 0x05 (5)
> >         rank                     : DNS_RANK_ZONE (240)
> >         flags                    : 0x0000 (0)
> >         dwSerial                 : 0x00000007 (7)
> >         dwTtlSeconds             : 0x00000384 (900)
> >         dwReserved               : 0x00000000 (0)
> >         dwTimeStamp              : 0x00376534 (3630388)
> >         data                     : union dnsRecordData(case 1)
> >         ipv4                     : 10.56.240.4
> >
> > uSNChanged: 3725
> > distinguishedName:
> > DC=gc._msdcs,DC=samba.example.com
> > ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba,DC=example,DC=com
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> 
> 
> Can you check if you have dns records under:
> 
>   CN=MicrosoftDNS,CN=System,DC=samba,DC=example,DC=com

What I think happened here is that I was putting entries in the wrong
zone using samba-tool dns (the RPC interface).  This meant I had names
in the samba.example.com zone that should have been in
_msdcs.samba.example.com.  I've added a hack for this in my updated
samba_dnsupate script (which is what caused this in the first place),
and I'll fix it properly to use SOA queries like a real DNS client
should.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list