[Samba] Stray DC A record in DNS

Rowland Penny rpenny at samba.org
Fri Nov 28 09:47:10 UTC 2025


On Fri, 28 Nov 2025 10:33:56 +0100
martin f krafft via samba <samba at lists.samba.org> wrote:

> Hi Rowland,
> 
> Thank you for your response and help!
> 
> Regarding the following, written by "Rowland Penny via samba" on
> 2025-11-27 at 13:10 Uhr +0000:
> >ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb > full.ldif
> >
> >Then search in full.ldif for your ipaddress, it may be there multiple
> >times.
> 
> I've run this command, but the
> result does *not* contain the sought IP address at all, not one single
> time.

That is strange. Searching in sam.ldb without '--cross-ncs' will only
search the main NC, and without '--show-binary' the output is hashed, so
you do not get the IP address in clear text.

> 
> >If you did find the ipaddress in the bind9 config files, I would then
> >suggest you correct the files. Samba uses bind_dlz to connect Bind9
> >to the dns records in AD, there shouldn't be any AD dns records in
> >the bind9 files.
> 
> Right, I understand and there is nothing AD-related in `/etc/bind`.
> 
> So it's not in `/etc/bind` and apparently not in `/var/lib/samba`.
> It's not in `/var/cache/bind` and not in `/var/lib/bind`.
> 
> Where else can I look and remove this IP address from DNS?
> 
> I've run `named -d 255` in the hope to get some more information, but
> all that is logged for a `dig` request is:
> 
> ```
> client @0x770b8e77c898 192.168.235.1#52095: UDP request
> client @0x770b8e77c898 192.168.235.1#52095: using view '_default'
> client @0x770b8e77c898 192.168.235.1#52095: request is not signed
> client @0x770b8e77c898 192.168.235.1#52095: recursion available
> client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org): query 'dc01.samba-ad.example.org/A/IN' approved
> client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org): rrl=(nil), HAVECOOKIE=0, result=ISC_R_SUCCESS, fname=0x770b9366e780(1), is_zone=1, RECURSIONOK=1, query.rpz_st=0x770b8e748800(0), RRL_CHECKED=0
> client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org): reset client
> ```
> 
> I remain quite puzzled.
> 

I wonder if it is coming from a cache somewhere?
Is nscd running? If so, then I would stop it, you do not require it,
Samba has its own caches.

Is sssd running? If so, I would stop it, you do not require it and it
can cause strange problems on Samba.

Rowland
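
As an added example (not part of the original message and not Samba's own code), the search of `full.ldif` discussed above can be extended to values that appear base64-encoded in the LDIF (`attr:: ...`), where a plain text search for the address finds nothing. It assumes the MS-DNSP `dnsRecord` layout (24-byte header followed by the IPv4 address for an A record); the helper names, the sample LDIF, its DNs and the address 192.0.2.10 are constructed for illustration.

```python
import base64, re, socket, struct

def a_record_blob(ip):
    """Constructed sample: MS-DNSP dnsRecord blob for an A record (24-byte header + IPv4)."""
    header = struct.pack("<HHBBHI", 4, 1, 5, 0xF0, 0, 1)  # len, type=A, version, rank, flags, serial
    return header + struct.pack(">I", 900) + bytes(8) + socket.inet_aton(ip)  # TTL, reserved, timestamp

def unfold(text):
    """Join LDIF continuation lines (RFC 2849: a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_ip(ldif_text, ip):
    """Return (dn, attribute, kind) for each value holding ip as text or as an A-record payload."""
    packed = socket.inet_aton(ip)  # 4 bytes, network byte order
    as_text = re.compile(rb"(?<![\d.])" + re.escape(ip.encode()) + rb"(?!\.?\d)")
    hits, dn = [], None
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank line, comment, or not an attribute line
        is_b64 = rest.startswith(":")
        try:
            value = base64.b64decode(rest[1:].strip(), validate=True) if is_b64 else rest.strip().encode()
        except ValueError:  # malformed base64: skip the value
            continue
        if attr.lower() == "dn":
            dn = value.decode(errors="replace")
        elif as_text.search(value):
            hits.append((dn, attr, "text"))
        elif is_b64 and attr.lower() == "dnsrecord" and len(value) >= 28:
            data_len, rtype = struct.unpack_from("<HH", value)
            if rtype == 1 and data_len == 4 and value[24:28] == packed:
                hits.append((dn, attr, "A record"))
    return hits

ZONE = "DC=samba-ad.example.org,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samba-ad,DC=example,DC=org"
B64 = base64.b64encode(a_record_blob("192.0.2.10")).decode()
OTHER = base64.b64encode(a_record_blob("192.0.2.100")).decode()
# Constructed LDIF; the first dnsRecord value is folded across two lines on purpose.
SAMPLE = (f"dn: DC=dc01,{ZONE}\ndnsRecord:: {B64[:20]}\n {B64[20:]}\n\n"
          f"dn: DC=dc02,{ZONE}\ndnsRecord:: {OTHER}\n\n"
          f"dn: CN=note,{ZONE}\ndescription: old address 192.0.2.10 of dc01\n")

if __name__ == "__main__":
    for hit in find_ip(SAMPLE, "192.0.2.10"):
        print(hit)
```

Each hit names the DN that holds the address, which is the object to inspect or correct with the usual Samba DNS tooling.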



