[Samba] bogus record in _msdcs zone in samba-dc

Alex samba at abisoft.biz
Mon May 18 13:15:05 UTC 2020 

Hello,

I've  just  discovered  a  bogus  record in _msdcs zone which exists on samba-dc
(vm-dc4, 4.12.2) only and missing on a PDC (vm-dc1, Windows Server 2008 R2):

# samba-tool dns query localhost _msdcs.domain.com @ ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
  Name=, Records=3, Children=0
    NS: vm-dc1.domain.com. (flags=600000f0, serial=181, ttl=3600)
    NS: vm-dc4.domain.com. (flags=600000f0, serial=181, ttl=3600)
    SOA: serial=181, refresh=900, retry=600, expire=86400, minttl=3600, ns=vm-dc1.domain.com., email=hostmaster.domain.com. (flags=600000f0, serial=181, ttl=3600)

  Name=com, Records=0, Children=1                                      <- this one (notice it has a children)

  Name=a4a6a0f0-a085-4a01-84ff-7b7b00081575, Records=1, Children=0
    CNAME: vm-dc1.domain.com. (flags=f0, serial=110, ttl=600)
  Name=aae5c8b4-5d21-4030-884a-e5dc2ca963df, Records=1, Children=0
    CNAME: vm-dc4.domain.com. (flags=f0, serial=169, ttl=900)
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=gc, Records=0, Children=2
  Name=pdc, Records=0, Children=1

I can also see it in DNS Manager MMC. However, I'm unable to delete it:
[2020/05/18 15:56:26.881194,  0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1610(dnsserver_operate_zone)
  dnsserver: zone operation 'DeleteNode' not implemented     DnssrvOperation2: struct DnssrvOperation2
          in: struct DnssrvOperation2
              dwClientVersion          : DNS_CLIENT_VERSION_LONGHORN (458752)
              dwSettingFlags           : 0x00000000 (0)
              pwszServerName           : *
                  pwszServerName           : 'vm-dc4'
              pszZone                  : *
                  pszZone                  : '_msdcs.domain.com'
              dwContext                : 0x00000000 (0)
              pszOperation             : *
                  pszOperation             : 'DeleteNode'
              dwTypeId                 : DNSSRV_TYPEID_NAME_AND_PARAM (15)
              pData                    : union DNSSRV_RPC_UNION(case 15)
              NameAndParam             : *
                  NameAndParam: struct DNS_RPC_NAME_AND_PARAM
                      dwParam                  : 0x00000001 (1)
                      pszNodeName              : *
                          pszNodeName              : 'com._msdcs.domain.com'

Also I can't query it (there should be children as we saw above):
# samba-tool dns query localhost _msdcs.domain.com com ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
#

Compare with the same query agains the gc subdomain:

# samba-tool dns query localhost _msdcs.domain.com gc ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
  Name=, Records=2, Children=0
    A: 172.26.1.84 (flags=f0, serial=190, ttl=900)
    A: 172.26.1.81 (flags=f0, serial=190, ttl=600)
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=1

Questions:
1. Is it safe to delete it using ADSIEdit (for example)
2. Why can't I query and/or delete it using standard means?

-- 
Best regards,
Alex

More information about the samba mailing list