[Samba] Cannot remove old NS record

Paul R. Ganci ganci at nurdog.com
Sun Dec 22 18:20:08 UTC 2019 

Hi All,

A while ago I replaced a Samba AD on old hardware with a another AD on 
newer hardware. Everything went smoothly including the demotion of the 
old AD. However after I did some cleanup DNS records and turned off the 
old hardware I noticed that there still was a NS record associated with 
the old AD. So I went to the wiki page 
https://wiki.samba.org/index.php/DNS_Administration and followed the 
instructions on how to remove an old NS record:

# samba-tool dns delete <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com @ NS

So I followed the instructions. Here is the sequence of commands that 
demonstrates the problem (some of the command responses were redacted to 
remove unnecessary lines):

 > dig nikita.myhome.nurdog.com

;; ANSWER SECTION:
nikita.myhome.nurdog.com. 900    IN    A    192.168.1.11

;; AUTHORITY SECTION:
myhome.nurdog.com.    900    IN    NS nureyev.myhome.nurdog.com. <- Old NS
myhome.nurdog.com.    900    IN    NS    nikita.myhome.nurdog.com.

 > samba-tool dns delete nureyev.myhome.nurdog.com myhome.nurdog.com @ 
NS nikita.myhome.nurdog.com
Record deleted successfully

 > dig nikita.myhome.nurdog.com

;; ANSWER SECTION:
nikita.myhome.nurdog.com. 900    IN    A    192.168.1.11

;; AUTHORITY SECTION:
myhome.nurdog.com.    900    IN    NS    nikita.myhome.nurdog.com.
myhome.nurdog.com.    900    IN    NS nureyev.myhome.nurdog.com.

;; ADDITIONAL SECTION:
nureyev.myhome.nurdog.com. 900    IN    A    192.168.1.8

If I try to remove the NS again using the same samba-tool command I 
receive a python error indicating 9701, 
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST'. So why can I not get rid of the 
NS nikita.myhome.nurdog.com? That hardware that used to run the AD is 
physically gone. But for some reason it seems that Samba still thinks 
nikita.myhome.nurdog.com is a NS for the domain, I would love to clean 
this up. It seems to me that DNS is trying to use nikita first and then 
nureyev but nikita shouldn't be there at all. I am running the Sernet 
Samba packages 4-11.4-9 on a CentOS Linux release 7.7.1908 with 
bind-9.11.4-9,

Are there any suggestions to to fix the problem?

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208

More information about the samba mailing list