[Samba] DNS management error accessing the domain zone
Rowland Penny
rpenny at samba.org
Thu Apr 3 14:40:39 UTC 2025
On Thu, 3 Apr 2025 09:10:09 -0300
Nicolás Hermida <nhermida at init.ar> wrote:
> Hi Rowland.
>
> I'm not sure about the initial version for this domain.
>
> I can tell you that the _msdcs.example.local zone exists and has
> records.
>
> Although I can tell you that connecting with the Windows DNS
> Management console, I see a difference.
> Connecting to the Samba DC and accessing the _msdcs.example.local zone
> shows a subfolder called 'local' indicates an error and cannot be
> accessed.
>
> On the other hand, when connecting to the primary domain controller
> (Windows) within the _msdcs.example.local zone, the subfolder called
> 'local' does not exist.
>
> The rest of the subfolders are the same: dc, domains, gc, pdc, and are
> accessible.
>
All I can suggest is you check the records in your AD, you can do this
with ldbsearch from your Samba AD DC:
This will obtain your DNS zones, change to match your setup:
sudo ldbsearch --cross-ncs -H ldap://dc1.samdom.example.com -P -b 'dc=samdom,dc=example,dc=com' -s sub '(objectclass=dnszone)' dn
# The forward zone:
dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
# The forest zone:
dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
# One or more optional reverse zone(s):
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
# Root dns servers (unused by Samba):
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
This will obtain your DNS records:
sudo ldbsearch --cross-ncs -H ldap://dc1.samdom.example.com -P -b 'dc=samdom,dc=example,dc=com' -s sub '(objectclass=dnsnode)' dn
# The required forward zone records:
dn: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._udp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_gc._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kpasswd._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kpasswd._udp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_gc._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
There should also be 'A' records for all computers in the form:
dn: DC=<Computer_hostname>,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
# The required forest zone records:
dn: DC=@,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.dc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp.dc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=632d54f8-dab3-4a27-9ce7-c6e678bbc560,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=fb453823-737c-4a8b-93e1-dc197e236d50,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=f3927f94-74e6-410b-adec-7babc0f3ca3d,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.52e100e0-46c3-4a4a-834f-022b8773de73.domains,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
# Optional reverse 'PTR' records in the form:
dn: DC=@,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=105,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
# the unused root server records:
dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
If you find any other records, then it is likely they can be deleted, but check before deleting and if you are going to delete anything, then I suggest you back everything up before doing so.
Rowland
More information about the samba
mailing list