[Samba] Cannot remove old NS record
Paul R. Ganci
ganci at nurdog.com
Wed Jan 1 22:49:26 UTC 2020
On 12/22/19 12:07 PM, Rowland penny via samba wrote:
>>
>> Are there any suggestions to fix the problem?
>>
> Cached record somewhere ?
>
> You seem to have done everything correctly.
>
Okay I discovered that any changes to my DNS are not being seen by
bind. So exploring the Wiki
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End
I found this entry:
If you create new DNS records in the directory and are not able to
resolve them using the nslookup, host or other DNS lookup tools, the
database hard links can get lost. This happens, for example, if you move
the databases across mount points.
To verify that the domain and forest partition as well as the
metadata.tdb database are hard linked in both directories, run
# ls -lai /usr/local/samba/private/sam.ldb.d/
# ls -lai /usr/local/samba/private/dns/sam.ldb.d/
The same files must have the same inode number in the first column of
the output in both directories. If they differ, the hard link got
lost and Samba and BIND use separate database files and thus DNS updates
in the directory are not resolvable through the BIND DNS server.
So I did the procedure on my system and much to my chagrin I found:
> ls -lai /var/lib/samba/private/sam.ldb.d/
total 83720
67868145 drwxr-x--- 2 root named 296 Dec 21 17:54 .
810580 drwxr-x--- 8 root named 4096 Jan 1 15:31 ..
67868196 -rw------- 1 root root 29609984 Nov 7 09:29 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
67868195 -rw------- 1 root root 33222656 Nov 7 09:29 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
67868192 -rw-rw---- 1 root named 6950912 Jan 1 14:30 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
67868194 -rw-rw---- 1 root named 4247552 Nov 7 09:29 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
67868202 -rw------- 1 root root 10862592 Jan 1 15:20 DC=MYHOME,DC=NURDOG,DC=COM.ldb
67868159 -rw-rw---- 1 root named 831488 Jan 1 14:30 metadata.tdb
root at nureyev> ls -lai /var/lib/samba/private/dns/sam.ldb.d/
total 74520
34684505 drwxrwx--- 2 root named 296 Dec 21 17:54 .
810835 drwxrwx--- 3 root named 38 Dec 21 17:54 ..
34685771 -rw-rw---- 1 root named 27410432 Jan 1 15:04 CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
34684600 -rw-rw---- 1 root named 32534528 Jan 1 15:04 CN=SCHEMA,CN=CONFIGURATION,DC=MYHOME,DC=NURDOG,DC=COM.ldb
34684570 -rw-rw---- 1 root named 6950912 Jan 1 15:04 DC=DOMAINDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
34684597 -rw-rw---- 1 root named 4247552 Jan 1 15:04 DC=FORESTDNSZONES,DC=MYHOME,DC=NURDOG,DC=COM.ldb
34684507 -rw-rw---- 1 root named 4333568 Jan 1 15:04 DC=MYHOME,DC=NURDOG,DC=COM.ldb
34685651 -rw-rw---- 1 root named 831488 Dec 2 2018 metadata.tdb
Unfortunately the inode numbers do not match.
I also found this entry in the Wiki:
To auto-repair the hard linking, see Reconfiguring the BIND9_DLZ Back
End
<https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Reconfiguring_the_BIND9_DLZ_Back_End>.
So I ran the auto-repair
> samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/bind-dns/dns/MYHOME.NURDOG.COM.zone
DNS records will be automatically created
DNS partitions already exist
dns-nureyev account already exists
Failed to create link /var/lib/samba/private/dns.keytab -> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
Failed to chown /var/lib/samba/bind-dns to bind gid 25
Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 25
Traceback (most recent call last):
  File "/sbin/samba_upgradedns", line 533, in <module>
    create_dns_dir(logger, paths)
  File "/usr/lib64/python3.6/site-packages/samba/provision/sambadns.py", line 704, in create_dns_dir
    os.mkdir(dns_dir, 0o770)
FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/samba/bind-dns/dns'
I have been running this domain for quite a while and don't quite
understand why this problem would occur. What is somewhat strange is the
location of certain files. For example my dns.keytab is located here:
> ls /var/lib/samba/private/dns.keytab
/var/lib/samba/private/dns.keytab
Does anyone have an idea how to fix the problem? Can I just create
/var/lib/samba/bind-dns/ and re-run? Suggestions are appreciated. Thanks.
--
Paul (ganci at nurdog.com)
Cell: (303)257-5208
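
Added example (not part of the original post, and not Samba's own tooling): the inode comparison that the quoted wiki text describes, done per file instead of by reading two ls listings side by side. The function names and the choice of which files to check are assumptions based on that wiki text.

```shell
#!/bin/sh
# Added example, not from the original post or from Samba.
# Assumption: the files BIND and Samba must share are the DomainDnsZones and
# ForestDnsZones partitions plus metadata.tdb, as the quoted wiki text says.

# Print the inode number of one file (first column of `ls -di`).
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}

# check_dlz_links SAMBA_DIR BIND_DIR
# Prints one status line per shared file; the return code is the number of
# files that are missing or are no longer the same hard-linked file.
check_dlz_links() {
    samba_dir=$1
    bind_dir=$2
    problems=0
    for f in "$samba_dir"/DC=DOMAINDNSZONES,*.ldb \
             "$samba_dir"/DC=FORESTDNSZONES,*.ldb \
             "$samba_dir"/metadata.tdb; do
        name=${f##*/}
        other=$bind_dir/$name
        if [ ! -e "$f" ] || [ ! -e "$other" ]; then
            echo "MISSING   $name"
            problems=$((problems + 1))
        elif [ "$f" -ef "$other" ]; then
            # -ef is true only for the same device and the same inode
            echo "LINKED    $name (inode $(inode_of "$f"))"
        else
            echo "SEPARATE  $name ($(inode_of "$f") vs $(inode_of "$other"))"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

With the paths from the post this would be called as check_dlz_links /var/lib/samba/private/sam.ldb.d /var/lib/samba/private/dns/sam.ldb.d; for the two listings above, all three files would be reported as SEPARATE.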