[Samba] bogus record in _msdcs zone in samba-dc
Rowland penny
rpenny at samba.org
Tue May 19 09:51:41 UTC 2020
On 19/05/2020 10:46, Alex wrote:
>>> One record I've finally found that looks suspicious:
>>> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub
>>>
>>> # record 1
>>> dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>>> I considered it suspicious b/c no similar record exists for vm-dc1:
>>> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub
>>> search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>>> What do you think?
>>>
>> Strange, I do not have any computer (let alone DC) records in the forest
>> zone, this is one of my DC's record:
>> dn:
>> DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> This looks like a domain zone, not a forest zone..
That is what I was trying to point out, you shouldn't have computer
records in the forest zone ;-)
>
> Anyway, I was able to delete that strange record using ADSIEdit tool and now
> everything seems to be good.
Good, though it might be an idea to find out where it came from (if
possible) to stop it, or something similar, coming back.
Rowland
More information about the samba
mailing list