[Samba] Accidental zone deletion

Andrew Bartlett abartlet at samba.org
Tue Jun 22 07:40:45 UTC 2021


On Tue, 2021-06-22 at 07:16 +0000, Chris Puttick via samba wrote:
> Thanks for the response, about what we feared. For interest on one of
> the DCs we tried 
> 
> samba_upgradedns --dns-backend=SAMBA_INTERNAL --migrate=no
> 
> and got the response
> 
> # samba_upgradedns --dns-backend=SAMBA_INTERNAL --migrate=no
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/private/dns/OXARCH.LOCAL.zone
> DNS records will be automatically created
> DNS partitions already exist
> Finished upgrading DNS

This may have rebuilt a very minimal DNS, which may be a good thing.

> Found the comment about "no zone file" interesting because that
> directory doesn't exist and AFAIK has never existed (Ubuntu 18.04
> running Samba 4.7.6-Ubuntu).

Correct.  That tool does a number of different things, but one thing it
was built for originally was upgrading from a file-based zone into the
in-directory zone, hence that check and message.

Andrew Bartlett


> 
> ----- Original Message -----
> From: "Andrew Bartlett" <abartlet at samba.org>
> To: "Chris Puttick" <chris.puttick at cp1associates.net>, "samba" <
> samba at lists.samba.org>
> Sent: Tuesday, 22 June, 2021 06:47:29
> Subject: Re: [Samba] Accidental zone deletion
> 
> On Tue, 2021-06-22 at 05:29 +0000, Chris Puttick via samba wrote:
> > Hi 
> > 
> > We have a situation where an MS admin used the AD utilities to tidy
> > up a neighbouring (MS-based) domain but was attached to the wrong DC
> > and deleted the wrongdomain.local zone file (which is apparently a
> > bit of a thing in MS circles); by the time said admin realised the
> > deletion had replicated across DCs on all sites. How do we recreate
> > it, in particular the contents? Hoping the answer is "just manually
> > create the zone and it'll repopulate".
> > 
> > Any suggestions welcomed... 
> 
> I assume of course you mean the zone in a Samba AD DC, not a simple
> .zone file.
> 
> This has happened, and yes, I do think we should prevent it at the
> database level, as nobody ever really means to do that.  Last time that
> happened we helped a client jury-rig up a backup of the sam.ldb into
> BIND9-DLZ (so only DNS used the old data), allowing service to somewhat
> continue while things were fixed back up.
> 
> However, I'm sorry to say it won't just be regenerated, while Samba
> will try and re-register itself every now and then, I wouldn't count on
> it getting back the way you found it fast.
> 
> How are your backups?
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
> 
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions



