[Samba] Phantom DNS records visible with dig, but not samba-tool dns

lingpanda101 at gmail.com lingpanda101 at gmail.com
Mon Sep 12 19:38:01 UTC 2016

On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> On 09/09/16 16:35, lingpanda101--- via samba wrote:
>> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>>> We appear to have some phantom DNS records on both our domain
>>> controllers.
>>> [...]
>>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @
>>> [...]
>> For me I had to use ADSI edit to remove the entries.
> I've managed to locate the entries using ADSI edit (for any future
> archive readers, open ADSI edit, and then connect using
> "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> context, the records are under CN=MicrosoftDNS).
> The thing is, if I open, say DC=_ldap._tcp.dc and then look at dnsRecord
> the entries are using some kind of encoding (a series of backslash
> prefixed 2 digit hex values).
> I'm unsure which records to delete, and I'm somewhat concerned about
> experimenting since I can't clearly tell what is going on with the
> regular tools (AD DNS/samba-tool). A possibly greater problem is that I
> can't actually search to see which records need modification.
> Will there be any impact if I just leave the corrupt records in place?
> Are there any tools to automate fixing things?
> Thanks,

I assume you made a typo? Shouldn't it be 
'DC=ForestDNSZones,dc=domain,dc=com'? Can you copy and paste exactly 
what the record looks like?

I wouldn't delete anything unless absolutely sure.
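
An added example, not part of the original thread: a read-only decoder for the backslash-hex dnsRecord values described in the quoted message, so an SRV entry can be identified before anything is deleted. It assumes the dnsRecord layout documented in MS-DNSP (24-byte header, big-endian TTL and SRV fields, counted target name) and that the value is pasted as `\XX` pairs; the function names and the sample record are constructed for illustration.

```python
import re
import struct
SRV = 33  # DNS record type code for SRV

def unescape(text):
    """Convert a backslash-hex string (assumed form: \\05\\F0...) into bytes."""
    compact = "".join(text.split())
    pairs = re.findall(r"\\([0-9A-Fa-f]{2})", compact)
    if "".join("\\" + p for p in pairs) != compact:
        raise ValueError("not a pure backslash-hex string")
    return bytes(int(p, 16) for p in pairs)

def parse_count_name(buf):
    """Decode a counted name: total length, label count, length-prefixed labels."""
    length, count = buf[0], buf[1]
    raw = buf[2:2 + length]
    if len(raw) != length:
        raise ValueError("truncated name")
    labels, pos = [], 0
    for _ in range(count):
        n = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels)

def parse_dns_record(blob):
    """Parse the 24-byte dnsRecord header and, for SRV, the record data."""
    if len(blob) < 24:
        raise ValueError("shorter than the fixed header")
    data_len, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)     # TTL is stored big-endian
    (stamp,) = struct.unpack_from("<I", blob, 20)   # hours since 1601; 0 = static
    data = blob[24:24 + data_len]
    if len(data) != data_len:
        raise ValueError("data shorter than declared length")
    rec = {"type": rtype, "version": version, "rank": rank, "serial": serial,
           "ttl": ttl, "timestamp_hours": stamp}
    if rtype == SRV:
        prio, weight, port = struct.unpack_from(">HHH", data, 0)
        rec.update(priority=prio, weight=weight, port=port,
                   target=parse_count_name(data[6:]))
    return rec

# Constructed sample (not from the thread): SRV -> dc1.example.com:389, TTL 900.
_name = b"\x03dc1\x07example\x03com\x00"
_data = struct.pack(">HHH", 0, 100, 389) + bytes([len(_name), 3]) + _name
_blob = (struct.pack("<HHBBHI", len(_data), SRV, 5, 0xF0, 0, 110)
         + struct.pack(">I", 900) + bytes(8) + _data)
SAMPLE = "".join("\\%02X" % b for b in _blob)
```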

