[Samba] bogus record in _msdcs zone in samba-dc

Rowland penny rpenny at samba.org
Mon May 18 17:49:10 UTC 2020


On 18/05/2020 18:27, Alex wrote:
>>>> 2. Why can't I query and/or delete it using standard means?
>>> Probably because it is a wrong record ????
>>> Try running this on a DC:
>>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b
>>> 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com'
>>> -s sub '(objectClass=dnsNode)'
>> Thanks, Rowland. I've just tried your command but the output does not contain
>> that bogus record. I even tried to remove the objectClass filter - still no
>> luck.
> One record I've finally found that looks suspicious:
> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub
>
> # record 1
> dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20200318110215.0Z
> whenChanged: 20200318110215.0Z
> uSNCreated: 13282
> uSNChanged: 13282
> showInAdvancedViewOnly: TRUE
> name: vm-dc4.domain.com.
> objectGUID: 80170015-b113-4435-bb33-ba60f4f9f608
> dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
>          wDataLength              : 0x0004 (4)
>          wType                    : DNS_TYPE_A (1)
>          version                  : 0x05 (5)
>          rank                     : DNS_RANK_GLUE (128)
>          flags                    : 0x0000 (0)
>          dwSerial                 : 0x000000b6 (182)
>          dwTtlSeconds             : 0x00000e10 (3600)
>          dwReserved               : 0x00000000 (0)
>          dwTimeStamp              : 0x00000000 (0)
>          data                     : union dnsRecordData(case 1)
>          ipv4                     : 172.26.1.84
>
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=com
> dc: vm-dc4.domain.com.
> distinguishedName: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>
> I considered it suspicious b/c no similar record exists for vm-dc1:
> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub
> search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>
> What do you think?
>
Strange, I do not have any computer (let alone DC) records in the forest
zone. This is the record for one of my DCs:

dn: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20200306135346.0Z
whenChanged: 20200306135346.0Z
uSNCreated: 1367771
showInAdvancedViewOnly: TRUE
name: DC01
objectGUID: 2db5ee07-6361-4c40-b2c2-d321cda9e311
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
         wDataLength              : 0x0004 (4)
         wType                    : DNS_TYPE_A (1)
         version                  : 0x05 (5)
         rank                     : DNS_RANK_ZONE (240)
         flags                    : 0x0000 (0)
         dwSerial                 : 0x000318c1 (202945)
         dwTtlSeconds             : 0x00000384 (900)
         dwReserved               : 0x00000000 (0)
         dwTimeStamp              : 0x00000000 (0)
         data                     : union dnsRecordData(case 1)
         ipv4                     : 192.168.0.8

objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: DC01
uSNChanged: 1367772
distinguishedName: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

Do you have similar records for your DCs?

Rowland
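The two decoded records above differ in exactly the fields a reviewer should look at: the node name (a relative label such as DC01 versus an absolute FQDN with a trailing dot) and the record rank (DNS_RANK_ZONE versus DNS_RANK_GLUE). The following script is an added example for readers of this thread, not code from Samba or from either poster: it reads the LDIF that ldbsearch prints for a zone when run without --show-binary (so each dnsRecord value arrives as base64), decodes the dnsp_DnssrvRpcRecord header itself, and lists the dnsNode entries whose name or rank matches those oddities, so they can be inspected and, if confirmed bogus, removed with ldbdel. Assumptions: the blob layout is the MS-DNSP DNS_RPC_RECORD shown in the thread, little-endian except dwTtlSeconds, which Samba's dnsp.idl declares big-endian; only DNS_TYPE_A data is decoded; the zone DN, sam.ldb path, the "gc" node and all addresses in the embedded sample are constructed from the thread's values, not captured from a real DC.

```python
#!/usr/bin/env python3
"""Added example (not Samba code): decode dnsRecord blobs from an ldbsearch
LDIF dump of a Samba AD DNS zone and flag dnsNode entries that look like the
record discussed in the thread (absolute FQDN as node name, glue-ranked data).

Assumptions: layout is the dnsp_DnssrvRpcRecord struct shown in the thread
(MS-DNSP DNS_RPC_RECORD), little-endian except dwTtlSeconds, which Samba's
dnsp.idl marks NDR_BIG_ENDIAN; only DNS_TYPE_A data is decoded.  The sample
LDIF below is constructed from the thread's values, not a real capture.
"""
import base64
import struct

DNS_TYPE_A = 1
DNS_RANK_GLUE = 0x80   # shown as DNS_RANK_GLUE (128) in the thread
DNS_RANK_ZONE = 0xF0   # shown as DNS_RANK_ZONE (240) in the thread

_HEAD = struct.Struct("<HHBBHI")   # wDataLength wType version rank flags dwSerial
_TTL = struct.Struct(">I")         # dwTtlSeconds, network byte order
_RES = struct.Struct("<II")        # dwReserved dwTimeStamp
HEADER_LEN = _HEAD.size + _TTL.size + _RES.size   # 24 bytes


def encode_a_record(rank, serial, ttl, ipv4):
    """Build a DNS_TYPE_A dnsp_DnssrvRpcRecord blob (used for the sample data)."""
    addr = bytes(int(o) for o in ipv4.split("."))
    return (_HEAD.pack(len(addr), DNS_TYPE_A, 5, rank, 0, serial)
            + _TTL.pack(ttl) + _RES.pack(0, 0) + addr)


def decode_dns_record(blob):
    """Parse one dnsp_DnssrvRpcRecord blob into a dict of its header fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("dnsRecord blob shorter than the 24-byte header")
    data_len, rtype, version, rank, flags, serial = _HEAD.unpack_from(blob, 0)
    (ttl,) = _TTL.unpack_from(blob, _HEAD.size)
    _reserved, timestamp = _RES.unpack_from(blob, _HEAD.size + _TTL.size)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("wDataLength runs past the end of the blob")
    rec = {"type": rtype, "version": version, "rank": rank, "flags": flags,
           "serial": serial, "ttl": ttl, "timestamp": timestamp}
    if rtype == DNS_TYPE_A and data_len == 4:
        rec["ipv4"] = ".".join(str(b) for b in data)   # already network order
    else:
        rec["raw"] = data.hex()
    return rec


def parse_ldif(text):
    """Minimal LDIF reader for ldbsearch output: handles RFC 2849 line folding
    and base64 ('::') values; returns a list of {attr: [value, ...]} dicts."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last is not None:      # folded continuation
            cur[last][-1][1] += line[1:]
            continue
        if not line.strip():                                # end of one entry
            if cur:
                entries.append({a: [base64.b64decode(v) if b else v
                                    for b, v in vals] for a, vals in cur.items()})
            cur, last = {}, None
            continue
        if line.startswith("#"):                            # "# record 1" etc.
            continue
        attr, _, value = line.partition(":")
        is_b64 = value.startswith(":")
        cur.setdefault(attr, []).append([is_b64, value.lstrip(":").strip()])
        last = attr
    return entries


def suspicious_nodes(entries, zone_dn):
    """Return [(dn, [reason, ...])] for dnsNode entries under zone_dn whose
    name or record rank matches the oddities seen in the thread."""
    findings = []
    for e in entries:
        dn = e.get("dn", [""])[0]
        if not dn.lower().endswith("," + zone_dn.lower()):
            continue
        name, reasons = e.get("name", [""])[0], []
        if name.endswith("."):   # labels like "gc" or "_ldap._tcp.dc" never end in "."
            reasons.append("node name %r is an absolute FQDN, not a label relative to the zone" % name)
        for blob in e.get("dnsRecord", []):
            rec = decode_dns_record(blob)
            if rec["rank"] == DNS_RANK_GLUE:
                reasons.append("DNS_RANK_GLUE record (type %d, %s) where DNS_RANK_ZONE data is expected"
                               % (rec["type"], rec.get("ipv4", rec.get("raw"))))
        if reasons:
            findings.append((dn, reasons))
    return findings


ZONE_DN = "DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com"

# Constructed sample: the thread's vm-dc4 record (dn deliberately folded, as ldbsearch
# does for long lines) plus a normal-looking "gc" node with DNS_RANK_ZONE data.
SAMPLE_LDIF = """# record 1
dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,
 DC=ForestDnsZones,DC=domain,DC=com
objectClass: dnsNode
name: vm-dc4.domain.com.
dnsRecord:: %s

# record 2
dn: DC=gc,%s
objectClass: dnsNode
name: gc
dnsRecord:: %s

# returned 2 records
""" % (base64.b64encode(encode_a_record(DNS_RANK_GLUE, 182, 3600, "172.26.1.84")).decode(),
       ZONE_DN,
       base64.b64encode(encode_a_record(DNS_RANK_ZONE, 182, 900, "172.26.1.81")).decode())

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LDIF
    for dn, reasons in suspicious_nodes(parse_ldif(text), ZONE_DN):
        print(dn)
        for r in reasons:
            print("  -", r)
        print("  review, then remove with: ldbdel -H /usr/local/samba/private/sam.ldb '%s'" % dn)
```

To run it against a real DC, dump the zone with Rowland's ldbsearch command but without --show-binary and with the attribute list appended (ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b '<zone DN>' -s sub '(objectClass=dnsNode)' name dnsRecord > zone.ldif), then pass zone.ldif as the script's argument. Every hit is only a candidate: confirm on another DC that the node is not a legitimate delegation glue entry before deleting it, since the deletion replicates.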