[Samba] How to delete a corrupt record from internal DNS

Ole Traupe ole.traupe at tu-berlin.de
Fri Jan 8 11:05:27 UTC 2016



On 08.01.2016 at 12:03, Ole Traupe wrote:
>
>
> On 08.01.2016 at 11:47, Rowland penny wrote:
>> On 08/01/16 10:31, Ole Traupe wrote:
>>>
>>>
>>> On 04.01.2016 at 19:24, Rowland penny wrote:
>>>> On 04/01/16 17:23, Ole Traupe wrote:
>>>>> No ideas on that?
>>>>>
>>>>> Ole
>>>>>
>>>>>
>>>>>
>>>>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>>>>> I accidentally created a SRV record with a false port. I then 
>>>>>> updated the port but was afraid of any consequences. So I deleted 
>>>>>> that record again and wanted to re-create it. But now I can't: 
>>>>>> "The record already exists."
>>>>>>
>>>>>> Observations:
>>>>>>
>>>>>>
>>>>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>>>>
>>>>>>
>>>>>> 2) I also can't delete it via samba-tool (although I could delete 
>>>>>> its counterpart for the other DC; so the command is ok):
>>>>>>
>>>>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>>>>> ERROR: Record does not exist
>>>>>>
>>>>>>
>>>>>> 3) However, it can be found with dig:
>>>>>>
>>>>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>>>
>>>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>>> ; (1 server found)
>>>>>> ;; global options: +cmd
>>>>>> ;; Got answer:
>>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>>>>
>>>>>> ;; QUESTION SECTION:
>>>>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>>>>
>>>>>> ;; ANSWER SECTION:
>>>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>>>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>>>>>
>>>>>> ;; Query time: 1 msec
>>>>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>>>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>>>>> ;; MSG SIZE  rcvd: 103
>>>>>>
>>>>>>
>>>>>> So, how do I get rid of this problematic record for my DC2?
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> Hi Ole, can you identify the DN of the record you want to remove?
>>>> One way would be with ldbedit:
>>>> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>>>>
>>>> and then searching for the record.
>>>>
>>>> Once you have the DN, you may be able to delete the entire record 
>>>> with ldbdel:
>>>>
>>>> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>
>>>>
>>>> Rowland
>>>>
>>>>
>>>
>>>
>>> Sorry, totally overlooked your posting. Thanks for the suggestion!
>>>
>>> with "dn: " you mean this?
>>>
>>> "DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld" 
>>>
>>>
>>> Deleting this would delete the record for the 1st_DC as well, right? 
>>> The whole "container" (or what appears to be one in the MS DNS 
>>> console).
>>>
>>> Could also try this from there, of course. I only don't want to mess 
>>> up even more stuff. ;)
>>>
>>> What baffles me: the LDAP database is the basis of Samba's internal 
>>> DNS, as well, I guess. Shouldn't I at least see some significant 
>>> difference between the correct record for 1st_DC and the faulty for 
>>> 2nd_DC?
>>>
>>> # record 3236
>>> dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>>> objectClass: top
>>> objectClass: dnsNode
>>> instanceType: 4
>>> whenCreated: 20150616170609.0Z
>>> uSNCreated: 3532
>>> showInAdvancedViewOnly: TRUE
>>> name: _ldap._tcp.gc
>>> objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
>>> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
>>> dc: _ldap._tcp.gc
>>> whenChanged: 20160108093106.0Z
>>> uSNChanged: 8590
>>> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>>>         wDataLength              : 0x001e (30)
>>>         wType                    : DNS_TYPE_SRV (33)
>>>         version                  : 0x05 (5)
>>>         rank                     : DNS_RANK_NONE (0)
>>>         flags                    : 0x0000 (0)
>>>         dwSerial                 : 0x00000023 (35)
>>>         dwTtlSeconds             : 0x000000b4 (180)
>>>         dwReserved               : 0x00000000 (0)
>>>         dwTimeStamp              : 0x0c83234c (209920844)
>>>         data                     : union dnsRecordData(case 33)
>>>         srv: struct dnsp_srv
>>>             wPriority                : 0x0000 (0)
>>>             wWeight                  : 0x0064 (100)
>>>             wPort                    : 0x0cc4 (3268)
>>>             nameTarget               : dc2.my.domain.tld
>>>
>>> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>>>         wDataLength              : 0x001e (30)
>>>         wType                    : DNS_TYPE_SRV (33)
>>>         version                  : 0x05 (5)
>>>         rank                     : DNS_RANK_ZONE (240)
>>>         flags                    : 0x0000 (0)
>>>         dwSerial                 : 0x00000030 (48)
>>>         dwTtlSeconds             : 0x000000b4 (180)
>>>         dwReserved               : 0x00000000 (0)
>>>         dwTimeStamp              : 0x0ca00cd2 (211815634)
>>>         data                     : union dnsRecordData(case 33)
>>>         srv: struct dnsp_srv
>>>             wPriority                : 0x0000 (0)
>>>             wWeight                  : 0x0064 (100)
>>>             wPort                    : 0x0cc4 (3268)
>>>             nameTarget               : dc1.my.domain.tld
>>>
>>> distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>>>
>>> The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try 
>>> to adjust this "manually" with ldbedit?
>>>
>>>
>>> Ole
>>>
>>>
>>>
>>
>> Don't think so, it was trying to change something with ldbedit that 
>> corrupted my AD object, leading me to having to delete the entire 
>> record and recreate it.
>> Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE"
>>
>> Rowland
>>
>>
>
> If you say it is safe to delete (and recreate) the entire container 
> including the record for the 1st_DC... then I will just do that. From 
> an earlier post (to me directly) I take it, you did it without any 
> hassle.
>
>

Because the RANK might or might not solve the problem.
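
Added example, not part of the original thread and not Samba project code: a small Python parser for the `ldbedit --show-binary` text quoted above. It splits a dnsNode object into its individual dnsRecord values and reports which fields differ between them. The sample input is constructed from the dump in the post (trimmed to a few fields, wrapped dn line re-joined), and the function names are hypothetical.

```python
import re

# Constructed sample: the post's two dnsRecord values, trimmed, dn line re-joined.
SAMPLE_DUMP = """\
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        rank                     : DNS_RANK_NONE (0)
        dwSerial                 : 0x00000023 (35)
        srv: struct dnsp_srv
            wPort                    : 0x0cc4 (3268)
            nameTarget               : dc2.my.domain.tld

dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        rank                     : DNS_RANK_ZONE (240)
        dwSerial                 : 0x00000030 (48)
        srv: struct dnsp_srv
            wPort                    : 0x0cc4 (3268)
            nameTarget               : dc1.my.domain.tld
"""

FIELD = re.compile(r"^\s+(\w+)\s*:\s*(.+?)\s*$")

def _value(text):
    """'DNS_RANK_NONE (0)' -> 'DNS_RANK_NONE'; '0x0cc4 (3268)' -> 3268."""
    m = re.fullmatch(r"(\S+)\s+\((\d+)\)", text)
    if not m:
        return text
    return int(m.group(2)) if m.group(1).lower().startswith("0x") else m.group(1)

def parse_dns_records(dump):
    """Return one dict per dnsRecord value of each object in the dump."""
    records, dn, current = [], None, None
    for line in dump.splitlines():
        if line.startswith("dn:"):
            dn, current = line[3:].strip(), None
        elif line.startswith("dnsRecord:"):
            current = {"dn": dn}          # each value is a separate DNS record
            records.append(current)
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = _value(m.group(2))
        elif line.strip():                # un-indented attribute: value ended
            current = None
    return records

def differing_fields(records):
    """Map each field whose value differs between records to its values."""
    values = {k: [r.get(k) for r in records] for r0 in records for k in r0}
    return {k: v for k, v in values.items() if len(set(v)) > 1}
```

Calling `differing_fields(parse_dns_records(SAMPLE_DUMP))` on the sample returns only `rank`, `dwSerial` and `nameTarget`, which matches the observation in the thread that the rank is the one structural difference between the two SRV values.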




