[Samba] bogus record in _msdcs zone in samba-dc
Alex
samba at abisoft.biz
Mon May 18 13:15:05 UTC 2020
Hello,
I've just discovered a bogus record in the _msdcs zone which exists on samba-dc
(vm-dc4, 4.12.2) only and is missing on a PDC (vm-dc1, Windows Server 2008 R2):
# samba-tool dns query localhost _msdcs.domain.com @ ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
Name=, Records=3, Children=0
NS: vm-dc1.domain.com. (flags=600000f0, serial=181, ttl=3600)
NS: vm-dc4.domain.com. (flags=600000f0, serial=181, ttl=3600)
SOA: serial=181, refresh=900, retry=600, expire=86400, minttl=3600, ns=vm-dc1.domain.com., email=hostmaster.domain.com. (flags=600000f0, serial=181, ttl=3600)
Name=com, Records=0, Children=1 <- this one (notice it has children)
Name=a4a6a0f0-a085-4a01-84ff-7b7b00081575, Records=1, Children=0
CNAME: vm-dc1.domain.com. (flags=f0, serial=110, ttl=600)
Name=aae5c8b4-5d21-4030-884a-e5dc2ca963df, Records=1, Children=0
CNAME: vm-dc4.domain.com. (flags=f0, serial=169, ttl=900)
Name=dc, Records=0, Children=2
Name=domains, Records=0, Children=1
Name=gc, Records=0, Children=2
Name=pdc, Records=0, Children=1
I can also see it in DNS Manager MMC. However, I'm unable to delete it:
[2020/05/18 15:56:26.881194, 0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1610(dnsserver_operate_zone)
dnsserver: zone operation 'DeleteNode' not implemented DnssrvOperation2: struct DnssrvOperation2
in: struct DnssrvOperation2
dwClientVersion : DNS_CLIENT_VERSION_LONGHORN (458752)
dwSettingFlags : 0x00000000 (0)
pwszServerName : *
pwszServerName : 'vm-dc4'
pszZone : *
pszZone : '_msdcs.domain.com'
dwContext : 0x00000000 (0)
pszOperation : *
pszOperation : 'DeleteNode'
dwTypeId : DNSSRV_TYPEID_NAME_AND_PARAM (15)
pData : union DNSSRV_RPC_UNION(case 15)
NameAndParam : *
NameAndParam: struct DNS_RPC_NAME_AND_PARAM
dwParam : 0x00000001 (1)
pszNodeName : *
pszNodeName : 'com._msdcs.domain.com'
Also I can't query it (there should be children as we saw above):
# samba-tool dns query localhost _msdcs.domain.com com ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
#
Compare with the same query against the gc subdomain:
# samba-tool dns query localhost _msdcs.domain.com gc ALL -U administrator 2>/dev/null
Password for [DOMAIN\administrator]:
Name=, Records=2, Children=0
A: 172.26.1.84 (flags=f0, serial=190, ttl=900)
A: 172.26.1.81 (flags=f0, serial=190, ttl=600)
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=1
Questions:
1. Is it safe to delete it using ADSIEdit (for example)?
2. Why can't I query and/or delete it using standard means?
--
Best regards,
Alex