[Samba] Phantom DNS records visible with dig, but not samba-tool dns
lingpanda101 at gmail.com
Fri Sep 9 15:35:44 UTC 2016
On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
> We appear to have some phantom DNS records on both our domain
> controllers.
>
> We can see the records using "dig", but not with samba-tool. We can't
> remove the records either.
>
> (v-ward and v-fief are the DCs, Hawaii and Alaska are old DCs which
> were demoted without errors, I'm trying to clean up some DNS records
> which don't seem to have been cleaned).
>
> All machines are 4.2.10-Debian
>
> Can anybody advise how I can fix this? Ideally in this case there
> would only be two records.
>
> Console output follows
>
> Thanks,
>
>
>
> root at v-ward# samba-tool dns query v-ward _msdcs.chester-dc.example.com
> _ldap._tcp.dc srv
> Password for [ash at CHESTER-DC.EXAMPLE.COM]:
> Name=, Records=3, Children=0
> SRV: HAWAII.chester-dc.example.com. (389, 0, 100) (flags=f0,
> serial=110, ttl=900)
> SRV: ALASKA.chester-dc.example.com. (389, 0, 100) (flags=f0,
> serial=110, ttl=900)
> SRV: v-fief.chester-dc.example.com. (389, 0, 100) (flags=f0,
> serial=110, ttl=0)
>
> root at v-ward# samba-tool dns delete v-ward
> _msdcs.chester-dc.example.com _ldap._tcp.dc srv "v-ward.chester-dc.
> 389 0 100"
> Password for [ash at CHESTER-DC.EXAMPLE.COM]:
> ERROR: Record does not exist
>
> #(10.4.4.155 is samba on v-ward)
> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
>
> ; <<>> DiG 9.9.5-9+deb8u4-Debian <<>>
> _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14081
> ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0,
> ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.dc._msdcs.chester-dc.example.com. IN SRV
>
> ;; ANSWER SECTION:
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389
> HAWAII.chester-dc.example.com.
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389
> ALASKA.chester-dc.example.com.
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389
> v-fief.chester-dc.example.com.
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389
> v-ward.chester-dc.example.com.
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389
> v-ward.chester-dc.co.uk.
> _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389
> v-ward.chester-dc.
>
> ;; Query time: 0 msec
> ;; SERVER: 10.4.4.155#53(10.4.4.155)
> ;; WHEN: Fri Sep 09 15:38:48 BST 2016
> ;; MSG SIZE rcvd: 245
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Loaded services file OK.
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> workgroup = CHESTER-DC
> realm = CHESTER-DC.EXAMPLE.COM
> server role = active directory domain controller
> passdb backend = samba_dsdb
> log file = /var/log/samba/log.%m
> max log size = 1000
> client ldap sasl wrapping = plain
> ldap server require strong auth = No
> load printers = No
> cups server = printers.example.com
> panic action = /usr/share/samba/panic-action %d
> dns forwarder = 10.4.4.10
> rpc_server:tcpip = no
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> winbindd:use external pipes = true
> acl:read = false
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> idmap config chester-dc : range = 1000-999999
> idmap config chester-dc : backend = ad
> idmap config * : range = 1000000-1999999
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> map archive = No
> map readonly = no
> store dos attributes = Yes
> include = /etc/samba/smb.common
> vfs objects = dfs_samba4 acl_xattr
>
>
>
For me, I had to use ADSI Edit to remove the entries.
--
-James
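
The mismatch reported in the quoted message can be pinned down by diffing what the DNS server answers against what samba-tool lists. This is an added example, not part of the original thread: the function names are hypothetical, the samba-tool field order (port, priority, weight) is inferred from the post's own output, and the expected DC list comes from the poster's statement that v-ward and v-fief are the current DCs.

```python
import re

# Console output from the post above, with e-mail line wraps re-joined.
Q = "_ldap._tcp.dc._msdcs.chester-dc.example.com."
DIG_OUTPUT = f"""\
;; ANSWER SECTION:
{Q} 900 IN SRV 0 100 389 HAWAII.chester-dc.example.com.
{Q} 900 IN SRV 0 100 389 ALASKA.chester-dc.example.com.
{Q} 0 IN SRV 0 100 389 v-fief.chester-dc.example.com.
{Q} 0 IN SRV 0 100 389 v-ward.chester-dc.example.com.
{Q} 0 IN SRV 0 100 389 v-ward.chester-dc.co.uk.
{Q} 0 IN SRV 0 100 389 v-ward.chester-dc.
"""
SAMBA_TOOL_OUTPUT = """\
Name=, Records=3, Children=0
SRV: HAWAII.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=900)
SRV: ALASKA.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=900)
SRV: v-fief.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=0)
"""
EXPECTED_DCS = ["v-ward.chester-dc.example.com", "v-fief.chester-dc.example.com"]

# dig prints: name ttl IN SRV priority weight port target
DIG_SRV = re.compile(r"^\S+\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$", re.M)
# samba-tool prints: SRV: target (port, priority, weight)  [order assumed from the post]
TOOL_SRV = re.compile(r"^\s*SRV:\s+(\S+)\s+\((\d+),\s*(\d+),\s*(\d+)\)", re.M)

def norm(target):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return target.rstrip(".").lower()

def dig_records(text):
    return {(norm(t), int(port), int(prio), int(w))
            for prio, w, port, t in DIG_SRV.findall(text)}

def tool_records(text):
    return {(norm(t), int(port), int(prio), int(w))
            for t, port, prio, w in TOOL_SRV.findall(text)}

def compare(dig_text, tool_text, expected_dcs):
    served, listed = dig_records(dig_text), tool_records(tool_text)
    expected = {norm(d) for d in expected_dcs}
    return {
        "phantom": sorted(served - listed),  # answered by DNS, not shown by samba-tool
        "stale": sorted(r for r in served if r[0] not in expected),  # not a current DC
        "missing_dc": sorted(expected - {r[0] for r in served}),  # DC with no SRV
    }

if __name__ == "__main__":
    for kind, items in compare(DIG_OUTPUT, SAMBA_TOOL_OUTPUT, EXPECTED_DCS).items():
        print(kind, items)
```
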