[HELP WANTED] Samba DNS Corruption: any examples?

Daniele Dario d.dario76 at gmail.com
Wed Nov 2 08:12:25 UTC 2016


G'Day,

On mar, 2016-11-01 at 22:16 +1300, Andrew Bartlett wrote:
> G'Day,
> 
> I'm chasing down an issue of DNS corruption for a customer, where an A
> record couldn't be deleted with Samba's normal tools, and had to be
> removed with ldbdel.
> 
> Sadly however we no longer have access to the corrupt record (oops),
> but there is nothing new under the sun, and if it is happening for one
> customer it is probably happening elsewhere.  And in any case, the more
> examples the better with these things.
> 
> I'm aware of the ability of TXT records to be mis-parsed (it even got
> as far as a security hole), but if anybody has other records that get
> 'stuck' in our internal or BIND9 DLZ DNS servers, and can share those
> with me (in private is fine), that would be most helpful.
> 
> I'm looking for output from commands like:
> 
> bin/ldbsearch -H ldap://$SERVER -Uadministrator%$PASSWORD -b "DC=773eed91-5cc6-4745-94c9-1c1796e377d0,DC=_msdcs.samba.example.com,CN=MicrosoftDNS,DC=forestDnsZones,DC=samba,DC=example,DC=com"
> 
> and 
> 
> bin/ldbsearch -H ldap://$SERVER -Uadministrator%$PASSWORD -b "DC=773eed91-5cc6-4745-94c9-1c1796e377d0,DC=_msdcs.samba.example.com,CN=MicrosoftDNS,DC=forestDnsZones,DC=samba,DC=example,DC=com" --show-binary
> 
> Thanks!
> 
> Andrew Bartlett

I'm using samba 4.4.3 and tried the above searches.

I'm not familiar with ldbsearch so I copied the posted command and just
replaced $SERVER/$PASSWORD, samba.example.com with my realm name
saitel.loc and DC=samba,DC=example,DC=com with DC=saitel,DC=loc but the
only thing I get is 

search error - LDAP error 32 LDAP_NO_SUCH_OBJECT -  <acl_read: Error
retrieving instanceType for base.
at ../source4/dsdb/samdb/ldb_modules/acl_read.c:362> <>

Am I missing something in the replacements, or can the search just not
find any record matching what was asked for?

Daniele.



