[Samba] Clients no longer updating DNS & unable to delete MX records

Thomas Simmons twsnnva at gmail.com
Wed Mar 20 13:29:00 MDT 2013


On Wed, Mar 20, 2013 at 9:05 AM, Thomas Simmons <twsnnva at gmail.com> wrote:

> Hello,
>
> After noticing some odd behavior on my domain, I realized that many of my
> DNS records are incorrect and that clients are no longer properly updating
> DNS. While looking into this, I also discovered that I am unable to delete
> MX records via AD DNS Manager or samba-tool. Both tools "see" the record
> but report it does not exist when I attempt to delete it. I can create new
> MX records, but cannot delete them. I can create and delete both A and
> CNAME records. The same behavior occurs under all zones. I can create and
> delete new forward lookup zones.
>
> [root at ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:adc1[,sign]
>   Name=, Records=3, Children=0
>     MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900)
>
> [root at ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv
> MX 'mailsrv.internal.testdom.com 10'
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:adc1[,sign]
> ERROR(runtime): uncaught exception - (9701,
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py",
> line 1169, in run
>     del_rec_buf)
>
>
With log level = 10, when attempting to deleting the record, it appears to
find it, but reports it doesn't exist anyway. Has anyone seen this behavior
before? The last DNS update was nearly 2 weeks ago and I am not aware of
anything that happened around that time that would have triggered this. I
don't know it this MX problem and the clients being unable to update DNS
are related.

[2013/03/20 13:52:20,  5, pid=2064, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_request: SEARCH
   dn: DC=internal.testdom.com
,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com
   scope: one
   expr: (&(objectClass=dnsNode)(name=mailsrv))
   attr: dnsRecord
   control: <NONE>

[2013/03/20 13:52:20,  5, pid=2064, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_request: (resolve_oids)->search
...
...
...

[2013/03/20 13:52:20,  5, pid=2064, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_response: ENTRY
  dn: DC=mailsrv,DC=internal.testdom.com
,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com
  dnsRecord::
IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX
   lzZXMDY29tAA==
  dnsRecord:: EAAPAAXwAAA+AAAAAAAAAAAAAADcIjcAAAoMAgZnb29nbGUDY29tAA==
  dnsRecord::
IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX
   lzZXMDY29tAA==

[2013/03/20 13:52:20,  5, pid=2064, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_response: DONE
  error: 0

[2013/03/20 13:52:20,  1, pid=2064, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:282(ndr_print_function_debug)
       DnssrvUpdateRecord2: struct DnssrvUpdateRecord2
          out: struct DnssrvUpdateRecord2
              result                   :
WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST


More information about the samba mailing list