[Samba] Phantom DNS records visible with dig, but not samba-tool dns

Rowland Penny rpenny at samba.org
Mon Sep 12 19:47:09 UTC 2016


On Mon, 12 Sep 2016 15:41:24 -0400
lingpanda101--- via samba <samba at lists.samba.org> wrote:

> On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> > On 09/09/16 16:35, lingpanda101--- via samba wrote:
> >> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
> >>> We appear to have some phantom DNS records on both our domain
> >>> controllers.
> >>> [...]
> >>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
> >>> [...]
> >>>
> >>
> >> For me I had to use ADSI edit to remove the entries.
> >>
> > I've managed to locate the entries using ADSI edit ( for any future
> > archive readers, open ADSI edit, and then connect using
> > "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> > context, the records are under CN=MicrosoftDNS).
> >
> > The thing is, if I open, say DC=_ldap._tcp.dc and then look at
> > dnsRecord the entries are using some kind of encoding (a series of
> > backslash prefixed 2 digit hex values).
> >
> > I'm unsure which records to delete, and I'm somewhat concerned about
> > experimenting since I can't clearly tell what is going on with the
> > regular tools (AD DNS/samba-tool). A possibly greater problem is
> > that I can't actually search to see which records need modification.
> >
> > Will there be any impact if I just leave the corrupt records in
> > place?
> >
> > Are there any tools to automate fixing things?
> >
> > Thanks,
> >
> >
> >
> 
> I see what you mean by the value of DNS. That's normal. It's in
> hexadecimal.
> 

Not if you know what tool to use, where to use it and the magic
incantation ;-)

# editing 1 records
# record 1
dn: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20151106115626.0Z
whenChanged: 20151106115626.0Z
uSNCreated: 3683
uSNChanged: 3683
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.pdc
objectGUID: 77be2b80-e5c7-46bb-a410-7d7c5c02efa7
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0020 (32)
        wType                    : DNS_TYPE_SRV (33)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000001 (1)
        dwTtlSeconds             : 0x00000384 (900)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 33)
        srv: struct dnsp_srv
            wPriority                : 0x0000 (0)
            wWeight                  : 0x0064 (100)
            wPort                    : 0x0185 (389)
            nameTarget               : dc1.samdom.example.com

objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: _ldap._tcp.pdc
distinguishedName: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

And to get it editable:

ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs --show-binary -b 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com' -s base

All on one line, run on a DC.

Rowland
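For readers who only have the backslash-hex form ADSI Edit shows and want to see what the dnsRecord value means before deleting anything, here is a small decoder for the dnsp_DnssrvRpcRecord layout that ldbedit --show-binary prints above. This is an added example, not code from the thread or from Samba; it assumes ADSI Edit renders each byte as \XX (with any other character being a literal byte), and the SAMPLE string is a constructed re-encoding of the SRV record in the dump above.

```python
import re
import struct

DNS_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 28: "AAAA", 33: "SRV"}
DNS_RANKS = {0xF0: "DNS_RANK_ZONE"}  # value seen in the ldbedit dump; others stay numeric

def unescape_adsi(value: str) -> bytes:
    # Backslash-hex display (\20\00\21...) to raw bytes; assumption: any text
    # outside a \XX escape is a literal single byte.
    out, pos = bytearray(), 0
    for m in re.finditer(r"\\([0-9A-Fa-f]{2})", value):
        out += value[pos:m.start()].encode("latin-1")
        out.append(int(m.group(1), 16))
        pos = m.end()
    return bytes(out + value[pos:].encode("latin-1"))

def parse_dnsp_name(buf: bytes, off: int):
    # dnsp_name: len, label count, length-prefixed labels, 0x00 terminator;
    # 'len' covers the labels plus the terminator (the check Samba's ndr_pull_dnsp_name makes).
    length, count = buf[off], buf[off + 1]
    pos, labels = off + 2, []
    for _ in range(count):
        sublen = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + sublen].decode("ascii"))
        pos += 1 + sublen
    if buf[pos] != 0 or pos + 1 - (off + 2) != length:
        raise ValueError("dnsp_name terminator/len field inconsistent")
    return ".".join(labels), pos + 1

def parse_dns_record(raw: bytes) -> dict:
    # 24-byte header; little-endian except dwTtlSeconds, which is big-endian.
    w_len, w_type, version, rank, flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)
    reserved, timestamp = struct.unpack_from("<II", raw, 16)
    if len(raw) != 24 + w_len:
        raise ValueError(f"wDataLength {w_len} != {len(raw) - 24} data bytes present")
    rec = {"wType": DNS_TYPES.get(w_type, w_type), "version": version,
           "rank": DNS_RANKS.get(rank, rank), "flags": flags, "dwSerial": serial,
           "dwTtlSeconds": ttl, "dwReserved": reserved, "dwTimeStamp": timestamp}
    if w_type == 33:  # SRV: wPriority, wWeight, wPort, nameTarget
        rec["wPriority"], rec["wWeight"], rec["wPort"] = struct.unpack_from("<HHH", raw, 24)
        rec["nameTarget"], _ = parse_dnsp_name(raw, 30)
    else:
        rec["data"] = raw[24:].hex()  # other types left undecoded here
    return rec

# Constructed sample: the SRV record from the ldbedit dump, re-encoded as backslash-hex.
SAMPLE = (r"\20\00\21\00\05\F0\00\00\01\00\00\00\00\00\03\84\00\00\00\00\00\00\00\00"
          r"\00\00\64\00\85\01\18\04\03dc1\06samdom\07example\03com\00")
print(parse_dns_record(unescape_adsi(SAMPLE)))
```

A record whose wDataLength or name length field does not add up is rejected rather than guessed at, which is exactly the kind of entry worth inspecting with ldbedit before touching it.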
