[Samba] Cannot remove old NS record
Paul R. Ganci
ganci at nurdog.com
Sun Dec 22 18:31:16 UTC 2019
On 12/22/19 11:20 AM, Paul R. Ganci via samba wrote:
> Hi All,
>
> A while ago I replaced a Samba AD on old hardware with another AD on
> newer hardware. Everything went smoothly including the demotion of the
> old AD. However after I did some cleanup of DNS records and turned off
> the old hardware I noticed that there still was an NS record associated
> with the old AD. So I went to the wiki page
> https://wiki.samba.org/index.php/DNS_Administration and followed the
> instructions on how to remove an old NS record:
>
> # samba-tool dns delete <Your-AD-DNS-Server-IP-or-hostname> samdom.example.com @ NS
>
> So I followed the instructions. Here is the sequence of commands that
> demonstrates the problem (some of the command responses were redacted
> to remove unnecessary lines):
>
> > dig nikita.myhome.nurdog.com
>
> ;; ANSWER SECTION:
> nikita.myhome.nurdog.com. 900 IN A 192.168.1.11
>
> ;; AUTHORITY SECTION:
> myhome.nurdog.com. 900 IN NS nureyev.myhome.nurdog.com. <- Old NS
> myhome.nurdog.com. 900 IN NS nikita.myhome.nurdog.com.
>
> > samba-tool dns delete nureyev.myhome.nurdog.com myhome.nurdog.com @ NS nikita.myhome.nurdog.com
> Record deleted successfully
>
> > dig nikita.myhome.nurdog.com
>
> ;; ANSWER SECTION:
> nikita.myhome.nurdog.com. 900 IN A 192.168.1.11
>
> ;; AUTHORITY SECTION:
> myhome.nurdog.com. 900 IN NS nikita.myhome.nurdog.com.
> myhome.nurdog.com. 900 IN NS nureyev.myhome.nurdog.com.
>
> ;; ADDITIONAL SECTION:
> nureyev.myhome.nurdog.com. 900 IN A 192.168.1.8
>
> If I try to remove the NS again using the same samba-tool command I
> receive a Python error indicating 9701,
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST'. So why can I not get rid of
> the NS nikita.myhome.nurdog.com? That hardware that used to run the AD
> is physically gone. But for some reason it seems that Samba still
> thinks nikita.myhome.nurdog.com is an NS for the domain. I would love
> to clean this up. It seems to me that DNS is trying to use nikita
> first and then nureyev but nikita shouldn't be there at all. I am
> running the SerNet Samba packages 4-11.4-9 on a CentOS Linux release
> 7.7.1908 with bind-9.11.4-9.
>
> Are there any suggestions to fix the problem?
>
I noticed something strange when listing all the DNS records (again I
removed a lot of unnecessary response):
> samba-tool dns query nureyev.myhome.nurdog.com myhome.nurdog.com @ all
Name=, Records=5, Children=0
SOA: serial=362, refresh=900, retry=600, expire=86400, minttl=0, ns=nureyev.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com. (flags=600000f0, serial=362, ttl=3600)
NS: nureyev.myhome.nurdog.com. (flags=600000f0, serial=278, ttl=900)
A: 192.168.1.11 (flags=600000f0, serial=278, ttl=900)
A: 192.168.1.8 (flags=600000f0, serial=278, ttl=900)
MX: nureyev.myhome.nurdog.com. (10) (flags=600000f0, serial=283, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=ap, Records=1, Children=0
There is that A: 192.168.1.11 (flags=600000f0, serial=278, ttl=900) just
under the NS: result. Do I have to delete the A: record for 192.168.1.11
to completely remove the reference to nikita? And if I add it back
afterwards will the DNS think it is still a NS for the domain?
--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
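
One way to cross-check the two outputs quoted in the message above, added here as an example that is not part of the original post and not Samba's own code: it parses text shaped like the `dig` answer and the `samba-tool dns query ... @ all` listing and reports NS names that appear in only one of them. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample text, shaped like the dig and samba-tool output quoted above.
DIG_OUTPUT = """\
;; AUTHORITY SECTION:
myhome.nurdog.com. 900 IN NS nikita.myhome.nurdog.com.
myhome.nurdog.com. 900 IN NS nureyev.myhome.nurdog.com.
;; ADDITIONAL SECTION:
nureyev.myhome.nurdog.com. 900 IN A 192.168.1.8
"""
QUERY_OUTPUT = """\
  Name=, Records=5, Children=0
    SOA: serial=362, refresh=900, retry=600, expire=86400, minttl=0,
      ns=nureyev.myhome.nurdog.com., email=hostmaster.myhome.nurdog.com.
    NS: nureyev.myhome.nurdog.com. (flags=600000f0, serial=278, ttl=900)
    A: 192.168.1.11 (flags=600000f0, serial=278, ttl=900)
    A: 192.168.1.8 (flags=600000f0, serial=278, ttl=900)
  Name=_msdcs, Records=0, Children=0
"""

def served_ns(dig_text, zone):
    """NS targets whose owner name is `zone`, from any section of dig output."""
    names = set()
    for line in dig_text.splitlines():
        f = line.split()  # owner, ttl, class, type, rdata
        if len(f) == 5 and f[3] == "NS" and f[0].rstrip(".").lower() == zone.lower():
            names.add(f[4].rstrip(".").lower())
    return names

def apex_records(query_text):
    """NS/A/AAAA/MX values listed under the empty 'Name=,' node (the '@' apex)."""
    records, in_apex = {}, False
    for line in query_text.splitlines():
        line = line.strip()
        if line.startswith("Name="):
            in_apex = line.startswith("Name=,")  # child nodes carry a name here
            continue
        m = re.match(r"(NS|A|AAAA|MX): (\S+)", line)  # wrapped SOA lines are skipped
        if in_apex and m:
            records.setdefault(m.group(1), set()).add(m.group(2).rstrip(".").lower())
    return records

def ns_mismatch(dig_text, query_text, zone):
    """NS names present in only one of the two views of the zone apex."""
    served = served_ns(dig_text, zone)
    stored = apex_records(query_text).get("NS", set())
    return {"served_only": sorted(served - stored), "stored_only": sorted(stored - served)}

if __name__ == "__main__":
    print(ns_mismatch(DIG_OUTPUT, QUERY_OUTPUT, "myhome.nurdog.com"))
```

`dig` without an `@server` argument asks the resolver configured on the client, so for a meaningful comparison feed it output from a query sent to the same server that `samba-tool` was pointed at.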