[Samba] Bogus dnsRecord attribute with Rank==0

Andrew Bartlett abartlet at samba.org
Sun Feb 14 23:34:56 UTC 2021


On Fri, 2021-01-22 at 09:40 -0500, Jonathon Reinhart via samba wrote:
> 
> I have to assume that the Windows "DNS Manager" RSAT tool did this
> (via LDAP),
> but I have no idea why, nor can I recreate this.

We are not aware of any Microsoft clients directly modifying LDAP. 

Samba will, during the domain join, but only to change an ACL; we try
to create the record over RPC to avoid trouble like this.

> I still have the xxx-broken-sw1 record for forensic purposes,
> although I'd
> like to delete it soon.

You might get some clues as to when that attribute was last modified
(if that helps) in the replPropertyMetaData.

> Has anyone ever seen anything like this?

Very, very strange.

Yes, DNS is odd, particularly with tombstoned records and with the
multiple records (attribute values) within a single LDAP record (which
means that there is an owner for the full name, even in situations like
this).

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
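
The replPropertyMetaData hint above, as an added example that is not part of the original message and is not Samba's own code: a parser for a raw replPropertyMetaData value that reports when, how often and by which DC invocation the dnsRecord attribute was last written. The version-1 blob layout, the attid 0x0009017E for dnsRecord under the default prefix map, and every sample value are assumptions.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Assumption: attid of dnsRecord (OID 1.2.840.113556.1.4.382) with the default prefix map.
ATTID_DNS_RECORD = 0x0009017E
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Assumed version-1 layout, little-endian; fields are naturally aligned, so no padding.
HEADER = struct.Struct("<IIII")     # blob version, reserved, entry count, reserved
ENTRY = struct.Struct("<IIQ16sQQ")  # attid, attr version, change time (s since 1601),
                                    # originating invocation id, originating USN, local USN

def parse_repl_property_metadata(blob):
    """Return one dict per attribute stamp in a raw replPropertyMetaData value."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than its header")
    version, _, count, _ = HEADER.unpack_from(blob, 0)
    if version != 1:
        raise ValueError(f"unsupported blob version {version}")
    if HEADER.size + count * ENTRY.size > len(blob):
        raise ValueError("entry count exceeds blob length (truncated or corrupt)")
    entries = []
    for i in range(count):
        attid, ver, secs, inv, orig_usn, local_usn = ENTRY.unpack_from(
            blob, HEADER.size + i * ENTRY.size)
        entries.append({
            "attid": attid,
            "version": ver,  # incremented on each originating write to the attribute
            "changed": EPOCH_1601 + timedelta(seconds=secs),
            "invocation_id": uuid.UUID(bytes_le=inv),  # DC instance that made the write
            "originating_usn": orig_usn,
            "local_usn": local_usn,
        })
    return entries

def last_change(entries, attid=ATTID_DNS_RECORD):
    """Return the stamp for one attribute, or None if the object never had it."""
    return next((e for e in entries if e["attid"] == attid), None)

def _secs(dt):
    return int((dt - EPOCH_1601).total_seconds())

# Constructed sample: two stamps (objectClass, then dnsRecord); all values are made up.
SAMPLE_DC = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE = HEADER.pack(1, 0, 2, 0) + b"".join(
    ENTRY.pack(attid, ver, _secs(when), SAMPLE_DC.bytes_le, usn, usn)
    for attid, ver, when, usn in [
        (0x00000000, 1, datetime(2020, 6, 1, 9, 0, tzinfo=timezone.utc), 4001),
        (ATTID_DNS_RECORD, 3, datetime(2021, 1, 20, 15, 0, tzinfo=timezone.utc), 5120),
    ])

if __name__ == "__main__":
    hit = last_change(parse_repl_property_metadata(SAMPLE))
    print(hit["changed"].isoformat(), hit["version"], hit["invocation_id"])
```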
