[Samba] Phantom DNS records visible with dig, but not samba-tool dns

ash-samba at comtek.co.uk
Mon Sep 12 19:23:27 UTC 2016


On 09/09/16 16:35, lingpanda101--- via samba wrote:
> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>> We appear to have some phantom DNS records on both our domain
>> controllers.
>> [...]
>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
>> [...]
>>
>
> For me I had to use ADSI edit to remove the entries.
>
I've managed to locate the entries using ADSI edit (for any future
archive readers, open ADSI edit, and then connect using
"DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
context; the records are under CN=MicrosoftDNS).

The thing is, if I open, say DC=_ldap._tcp.dc and then look at dnsRecord
the entries are using some kind of encoding (a series of backslash
prefixed 2 digit hex values).

I'm unsure which records to delete, and I'm somewhat concerned about
experimenting since I can't clearly tell what is going on with the
regular tools (AD DNS/samba-tool). A possibly greater problem is that I
can't actually search to see which records need modification.

Will there be any impact if I just leave the corrupt records in place?

Are there any tools to automate fixing things?

Thanks,
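
An added example, not part of the original post and not Samba's own code: a decoder for the backslash-hex dnsRecord values described above, so each record's type, TTL and SRV target can be read before deciding what to delete. It assumes the blob follows the dnsRecord layout from the MS-DNSP specification (24-byte header, then type-specific data); the sample record and the host name "dc1" are constructed.

```python
import re
import struct

DNS_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA", 33: "SRV"}

def unescape(text):
    """Convert the '\\24\\00\\21...' display form of an octet string to bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\([0-9A-Fa-f]{2})", text))

def parse_count_name(buf):
    """DNS_COUNT_NAME: length byte, label count, then length-prefixed labels."""
    count, pos, labels = buf[1], 2, []
    for _ in range(count):
        n = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def parse_dns_record(text):
    raw = unescape(text)
    if len(raw) < 24:
        raise ValueError("shorter than the 24-byte dnsRecord header")
    # Header is little-endian except the TTL, which is in network byte order.
    data_len, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)
    _reserved, timestamp = struct.unpack_from("<II", raw, 16)
    data = raw[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("record data is truncated")
    rec = {"type": DNS_TYPES.get(rtype, str(rtype)), "version": version, "rank": rank,
           "serial": serial, "ttl": ttl, "static": timestamp == 0}
    if rtype == 33:  # SRV: priority, weight, port (big-endian), then target name
        rec["priority"], rec["weight"], rec["port"] = struct.unpack_from(">HHH", data, 0)
        rec["target"] = parse_count_name(data[6:])
    elif rtype == 1:  # A: four address bytes
        rec["address"] = ".".join(str(b) for b in data[:4])
    return rec

def constructed_sample():
    """Build a made-up SRV record (host 'dc1' is hypothetical) in display form."""
    labels = [b"dc1", b"chester-dc", b"example", b"com"]
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    data = struct.pack(">HHH", 0, 100, 389) + bytes([len(name), len(labels)]) + name
    raw = (struct.pack("<HHBBHI", len(data), 33, 5, 0xF0, 0, 110)
           + struct.pack(">I", 900) + struct.pack("<II", 0, 0) + data)
    return "".join("\\%02X" % b for b in raw)

if __name__ == "__main__":
    print(parse_dns_record(constructed_sample()))
```

Pass a dnsRecord value copied from the attribute editor to parse_dns_record() in place of the constructed sample; record types other than SRV and A are reported by header fields only.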