[Samba] bogus record in _msdcs zone in samba-dc
Alex
samba at abisoft.biz
Mon May 18 17:27:45 UTC 2020
>>> 2. Why can't I query and/or delete it using standard means?
>> Probably because it is a wrong record ????
>> Try running this on a DC:
>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b
>> 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com'
>> -s sub '(objectClass=dnsNode)'
> Thanks, Rowland. I've just tried your command but the output does not contain
> that bogus record. I even tried to remove the objectClass filter - still no
> luck.
One record I've finally found that looks suspicious:
# ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub
# record 1
dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20200318110215.0Z
whenChanged: 20200318110215.0Z
uSNCreated: 13282
uSNChanged: 13282
showInAdvancedViewOnly: TRUE
name: vm-dc4.domain.com.
objectGUID: 80170015-b113-4435-bb33-ba60f4f9f608
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength  : 0x0004 (4)
    wType        : DNS_TYPE_A (1)
    version      : 0x05 (5)
    rank         : DNS_RANK_GLUE (128)
    flags        : 0x0000 (0)
    dwSerial     : 0x000000b6 (182)
    dwTtlSeconds : 0x00000e10 (3600)
    dwReserved   : 0x00000000 (0)
    dwTimeStamp  : 0x00000000 (0)
    data         : union dnsRecordData(case 1)
    ipv4         : 172.26.1.84
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=com
dc: vm-dc4.domain.com.
distinguishedName: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
I considered it suspicious b/c no similar record exists for vm-dc1:
# ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub
search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
What do you think?
--
Best regards,
Alex
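
Added example, not part of the original message and not Samba's own code: a small Python parser for `ldbsearch --show-binary` output like the dump above. It lists each dnsNode's decoded record fields and flags node names stored with a trailing dot, as the vm-dc4 node name above is. The sample text is constructed (record 1 is trimmed from this message, record 2 is made up), the function names are hypothetical, and treating a trailing dot as worth review is an assumption.

```python
import re

# Constructed sample: record 1 is trimmed from the ldbsearch output quoted
# above; record 2 is a made-up ordinary node added for contrast.
SAMPLE = """\
# record 1
dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
name: vm-dc4.domain.com.
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wType                    : DNS_TYPE_A (1)
        rank                     : DNS_RANK_GLUE (128)
        ipv4                     : 172.26.1.84

# record 2
dn: DC=gc,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
name: gc
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wType                    : DNS_TYPE_A (1)
        rank                     : DNS_RANK_ZONE (240)
        ipv4                     : 172.26.1.81
"""

# Fields of the decoded dnsp_DnssrvRpcRecord that matter for a quick audit.
FIELD = re.compile(r"^\s*(wType|rank|ipv4)\s*:\s*(\S+)")

def parse_dns_nodes(text):
    """Split ldbsearch output into dnsNode entries with their decoded records."""
    nodes, node = [], None
    for line in text.splitlines():
        if line.startswith("dn: "):
            node = {"dn": line[4:].strip(), "name": None, "records": []}
            nodes.append(node)
        elif node is None:
            continue                        # comment lines before the first entry
        elif line.startswith("name: "):
            node["name"] = line[6:].strip()
        elif line.startswith("dnsRecord:"):
            node["records"].append({})      # one dict per dnsRecord value
        elif node["records"] and (m := FIELD.match(line)):
            node["records"][-1][m.group(1)] = m.group(2)
    return nodes

def absolute_names(nodes):
    """Nodes whose relative name carries a trailing dot (assumed review-worthy)."""
    return [n for n in nodes if n["name"] and n["name"].endswith(".")]

if __name__ == "__main__":
    for n in absolute_names(parse_dns_nodes(SAMPLE)):
        print(n["name"], n["records"])
```

To use it on a real zone, save the output of the zone-wide `ldbsearch` command quoted earlier in the thread to a file and pass its contents to `parse_dns_nodes`.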