[Samba] samba4 AD DNS zone corrupted
Johannes Schmid
smbml at rotfl.org
Thu Nov 29 16:02:22 MST 2012
On 11/29/2012 03:26 AM, Stephen Jones wrote:
> If you want to delete the TXT record my suggestion would be to use
> nsupdate. This tool is part of BIND. My advice would be to avoid
> samba-tool, or at least the dns part of it. When I tried to use it I
> just got errors. I think it's still rather experimental. But
> nsupdate works.
Thanks for the hint. It raised my hopes for a few seconds, but it
doesn't work, as the record I want to remove seems really really broken.
As suggested, I ran this command (while being kerberos-authenticated):
# nsupdate -g
> update delete _kerberos.mitxp.com TXT
> send
This is what bind logs when issuing the command:
Nov 29 23:23:36 vmsrvr1 named[1701]: samba_dlz: starting transaction on zone mydomain.local
Nov 29 23:23:36 vmsrvr1 named[1701]: samba_dlz: allowing update of signer=administrator\@MYDOMAIN.LOCAL name=_kerberos.mydomain.local tcpaddr=192.168.122.1 type=TXT key=3710301881.sig-sambapdc.mydomain.local/160/0
Nov 29 23:23:36 vmsrvr1 named[1701]: client 192.168.122.1#53087: updating zone 'mydomain.local/NONE': deleting rrset at '_kerberos.mydomain.local' TXT
Nov 29 23:23:36 vmsrvr1 named[1701]: samba_dlz: failed to parse dnsRecord for DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local
Nov 29 23:23:36 vmsrvr1 named[1701]: samba_dlz: committed transaction on zone mydomain.local
As you can see, it has problems deleting the DNS record because it
cannot parse it. Extremely annoying. Even though the last log message
says "committed transaction on zone", the DNS record is still there and
is still causing problems with the complete zone.
But I found the solution! I just wanted to write it down in case someone
else has the same problem:
You need to delete the record directly from the LDB-File. This is how
it's done:
ldbdel -H /var/lib/samba/private/dns/sam.ldb "DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local"
After that, I restarted samba, just to be on the safe side. And after
that, my DNS zone was OK. Thanks to everyone who helped me debug this.
PS: Just in case a samba developer is interested in the LDB record,
here's the result presented by ldbsearch before I deleted it:
# ldbsearch -H /var/lib/samba/private/dns/sam.ldb -b "DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local" "(objectclass=dnsNode)" --show-binary
# record 1
dn: DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20121119125920.0Z
whenChanged: 20121119125920.0Z
uSNCreated: 4082
uSNChanged: 4082
showInAdvancedViewOnly: TRUE
name: _kerberos
objectGUID: 0bbee647-94ac-4a9c-8c2a-90deca29cdfe
ndr_pull_error(11): Pull bytes 15 (../librpc/ndr/ndr_basic.c:420)
dnsRecord: <Unable to decode binary data>
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=local
dc: _kerberos
distinguishedName: DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local
Note: the 15 "pull bytes" are probably MYDOMAIN.LOCAL + a terminating
character. At least that's what I assume, because I created the TXT
record with "MYDOMAIN.LOCAL" as content.
--
Best regards,
-Johannes.
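The samba_dlz message in the thread ("failed to parse dnsRecord", paired with an NDR "Pull bytes 15" error from ldbsearch) means the binary dnsRecord attribute on the dnsNode object does not decode, so neither nsupdate nor samba-tool can touch the record and the whole zone suffers. As an added example that is not part of this thread and not Samba's own code, the script below decodes dnsRecord values using the DNS_RPC_RECORD layout from MS-DNSP (24-byte header, little-endian except the big-endian TTL, then wDataLength bytes of type-specific data; TXT data is a run of one-byte-length-prefixed strings) and reports any node whose blob disagrees with its own length fields. Function names, the `build_txt_record` helper and all sample blobs are constructed for the example; in practice you would feed it the raw `dnsRecord` values pulled from sam.ldb (e.g. with ldbsearch without `--show-binary`, base64-decoded) to find the offending DN before deciding what to delete.

```python
"""Decode Active Directory dnsRecord (DNS_RPC_RECORD) blobs and flag ones
that do not parse.  Layout follows MS-DNSP 2.3.2.2 / Samba's dnsp.idl;
the builder, node list and sample blobs are constructed for this example."""
import struct

DNS_TYPE_A = 0x0001
DNS_TYPE_TXT = 0x0010
DNS_RANK_ZONE = 0xF0

# Fixed 24-byte header: wDataLength, wType, version, rank, flags, dwSerial
# (little-endian), dwTtlSeconds (big-endian), dwReserved, dwTimeStamp (LE).
_HDR_LE = struct.Struct("<HHBBHI")
HEADER_LEN = 24


class DnsRecordError(ValueError):
    """Raised when a dnsRecord blob is inconsistent with its own length fields."""


def parse_string_list(data):
    """Decode TXT data: a run of (1-byte length, bytes) strings, no terminator."""
    strings, pos = [], 0
    while pos < len(data):
        n = data[pos]
        chunk = data[pos + 1:pos + 1 + n]
        if len(chunk) < n:
            raise DnsRecordError(
                f"string length byte says {n}, only {len(chunk)} bytes remain")
        strings.append(chunk.decode("ascii", "replace"))
        pos += 1 + n
    return strings


def parse_dns_record(blob):
    """Parse one dnsRecord value; raise DnsRecordError on any length mismatch."""
    if len(blob) < HEADER_LEN:
        raise DnsRecordError(f"need {HEADER_LEN} header bytes, have {len(blob)}")
    data_len, rtype, version, rank, flags, serial = _HDR_LE.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) < data_len:
        raise DnsRecordError(
            f"wDataLength says {data_len} data bytes, only {len(data)} present")
    rec = {"type": rtype, "version": version, "rank": rank,
           "serial": serial, "ttl": ttl}
    if rtype == DNS_TYPE_A:
        if data_len != 4:
            raise DnsRecordError(f"A record with {data_len} data bytes")
        rec["data"] = ".".join(str(b) for b in data)
    elif rtype == DNS_TYPE_TXT:
        rec["data"] = parse_string_list(data)
    else:
        rec["data"] = data.hex()   # other types are not decoded here: keep raw bytes
    return rec


def parse_error(blob):
    """Return the DnsRecordError message for blob, or None if it parses."""
    try:
        parse_dns_record(blob)
        return None
    except DnsRecordError as e:
        return str(e)


def find_unparseable(nodes):
    """nodes: iterable of (dn, [dnsRecord blobs]).  Return [(dn, reason)] for
    every dnsNode with at least one value that fails to decode."""
    bad = []
    for dn, blobs in nodes:
        for blob in blobs:
            why = parse_error(blob)
            if why is not None:
                bad.append((dn, why))
                break
    return bad


def build_txt_record(strings, ttl=900, serial=1):
    """Encode a well-formed TXT dnsRecord (constructed helper, not Samba code)."""
    data = b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)
    hdr = _HDR_LE.pack(len(data), DNS_TYPE_TXT, 5, DNS_RANK_ZONE, 0, serial)
    hdr += struct.pack(">I", ttl) + struct.pack("<II", 0, 0)
    return hdr + data


# Constructed sample data: one good TXT record and two damaged variants.
GOOD_TXT = build_txt_record(["MYDOMAIN.LOCAL"])                  # 24 + 15 bytes
TRUNCATED_TXT = GOOD_TXT[:-5]                                    # blob cut short
BAD_LENGTH_TXT = GOOD_TXT[:HEADER_LEN] + b"\x0fMYDOMAIN.LOCAL"   # inner length byte too large

SAMPLE_NODES = [
    ("DC=good,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local",
     [GOOD_TXT]),
    ("DC=_kerberos,DC=mydomain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local",
     [TRUNCATED_TXT]),
]

if __name__ == "__main__":
    print(parse_dns_record(GOOD_TXT))
    for dn, why in find_unparseable(SAMPLE_NODES):
        print(f"unparseable dnsRecord on {dn}: {why}")
```

Running the script prints the decoded good record and then names the `_kerberos` node with the reason its blob failed, which is the information the samba_dlz log line omits. Deleting the whole dnsNode with ldbdel, as the post does, also drops any other values stored on that node, so listing which value is broken first is worth the extra step.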