duplicate dns zones 4.0.9 and samba-master

Taylor, Jonn jonnt at taylortelephone.com
Tue Oct 8 09:27:01 MDT 2013


On 10/08/2013 02:15 AM, Amitay Isaacs wrote:
>
> On Thu, Oct 3, 2013 at 11:47 PM, Taylor, Jonn 
> <jonnt at taylortelephone.com> wrote:
>
>     On 10/02/2013 08:02 PM, Amitay Isaacs wrote:
>>
>>     Hi John,
>>
>>     On Thu, Oct 3, 2013 at 2:54 AM, Taylor, Jonn
>>     <jonnt at taylortelephone.com> wrote:
>>
>>         Looks like it is working. Thank you! Now we just need to have
>>         Andrew fix the database stuff when he has time.
>>
>>         Oct  2 11:48:44 dc0 named[29090]: starting BIND
>>         9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 -u named
>>         Oct  2 11:48:44 dc0 named[29090]: built with
>>         '--build=x86_64-redhat-linux-gnu'
>>         '--host=x86_64-redhat-linux-gnu'
>>         '--target=x86_64-redhat-linux-gnu' '--program-prefix='
>>         '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>>         '--sbindir=/usr/sbin' '--sysconfdir=/etc'
>>         '--datadir=/usr/share' '--includedir=/usr/include'
>>         '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
>>         '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
>>         '--infodir=/usr/share/info' '--with-libtool'
>>         '--localstatedir=/var' '--enable-threads' '--enable-ipv6'
>>         '--with-pic' '--disable-static'
>>         '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>>         '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>>         '--with-dlz-filesystem=yes' '--with-gssapi=yes'
>>         '--disable-isc-spnego'
>>         '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>>         '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
>>         'host_alias=x86_64-redhat-linux-gnu'
>>         'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe
>>         -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
>>         --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>>         -DDIG_SIGCHASE'
>>         Oct  2 11:48:44 dc0 named[29090]:
>>         ----------------------------------------------------
>>         Oct  2 11:48:44 dc0 named[29090]: BIND 9 is maintained by
>>         Internet Systems Consortium,
>>         Oct  2 11:48:44 dc0 named[29090]: Inc. (ISC), a non-profit
>>         501(c)(3) public-benefit
>>         Oct  2 11:48:44 dc0 named[29090]: corporation.  Support and
>>         training for BIND 9 are
>>         Oct  2 11:48:44 dc0 named[29090]: available at
>>         https://www.isc.org/support
>>         Oct  2 11:48:44 dc0 named[29090]:
>>         ----------------------------------------------------
>>         Oct  2 11:48:44 dc0 named[29090]: adjusted limit on open
>>         files from 4096 to 1048576
>>         Oct  2 11:48:44 dc0 named[29090]: found 1 CPU, using 1 worker
>>         thread
>>         Oct  2 11:48:44 dc0 named[29090]: using up to 4096 sockets
>>         Oct  2 11:48:44 dc0 named[29090]: loading configuration from
>>         '/etc/named.conf'
>>         Oct  2 11:48:44 dc0 named[29090]: reading built-in trusted
>>         keys from file '/etc/named.iscdlv.key'
>>         Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv4 port
>>         range: [1024, 65535]
>>         Oct  2 11:48:44 dc0 named[29090]: using default UDP/IPv6 port
>>         range: [1024, 65535]
>>         Oct  2 11:48:44 dc0 named[29090]: listening on IPv6 interface
>>         lo, ::1#53
>>         Oct  2 11:48:44 dc0 named[29090]: generating session key for
>>         dynamic DNS
>>         Oct  2 11:48:44 dc0 named[29090]: sizing zone task pool based
>>         on 1 zones
>>         Oct  2 11:48:44 dc0 named[29090]: Loading 'AD DNS Zone' using
>>         driver dlopen
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: started for DN
>>         DC=taylortelephone,DC=com
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: starting configure
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone 'example.lan'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone '198.89.70.in-addr.arpa'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone '173.168.192.in-addr.arpa'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone '183.168.192.in-addr.arpa'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone '170.168.192.in-addr.arpa'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone 'taylortelephone.com'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone 'taylordatacom.com'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured
>>         writeable zone '_msdcs.taylortelephone.com'
>>         Oct  2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring
>>         duplicate zone 'taylortelephone.com' from
>>         'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com'
>>         Oct  2 11:48:45 dc0 named[29090]: using built-in DLV key for
>>         view _default
>>
>>
>>     This is a bit surprising. I was expecting to see the duplicate
>>     zone in the system partition
>>
>>     CN=MicrosoftDNS,CN=System,DC=taylortelephone,DC=com
>>
>>     and not really in the ForestDnsZones partition.  I am wondering
>>     how you ended up with a duplicate primary DNS zone in the forest DNS
>>     partition.  Usually the primary domain zone is in the DomainDnsZones
>>     partition and the _msdcs.<domain> zone is in the ForestDnsZones
>>     partition.  You might want to delete this duplicate zone from the
>>     ForestDnsZones partition.
>>
>>
>>     Amitay.
>     I tried to delete it but when one gets deleted the other one does
>     too. Andrew said it is hard coded that way in s4. This used to be a
>     2003 domain that I upgraded to 2008r2. It only shows up that way on
>     an s4 server. My win2k8r2 that is going away shows only 1 in the
>     DNS snap-in.
>
>
> How did you try to delete this zone?  Using samba-tool dns zonedelete
> or using ldbdel?  If you tried to delete using "samba-tool dns
> zonedelete" it would remove only one of the zones from the DomainDnsZones
> partition and not from the ForestDnsZones partition.  The correct way
> would be to delete using ldbdel.
>
>    ldbdel -H /path/to/sam/database DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
>
>
>     I have had a bug open on this for a year now.
>     https://bugzilla.samba.org/show_bug.cgi?id=9210
>
>
> I haven't been getting enough time to work on DNS stuff.
>
> Amitay.
That did not work.

[root at dc0 ~]# ldbdel -H /usr/local/samba/private/dns/sam.ldb 
DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
delete of 
'DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com' 
failed - (Not allowed on non-leaf) subtree_delete: Unable to delete a 
non-leaf node (it has 7 children)!
[root at dc0 ~]#

Jonn
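The named startup log quoted in this thread is the only place the duplicate zone and its DN are reported, so an admin chasing this has to read it by hand. Below is an added example, not code from the thread or from Samba, of a small Python parser for the two samba_dlz message shapes shown above: it lists the zones the DLZ module accepted, pulls the DN out of each "Ignoring duplicate zone" line, works out which naming context (DomainDnsZones, ForestDnsZones or the older CN=System location) holds the duplicate, and strips the leading DC=@ RDN so the zone container itself is named. The sample log is constructed by reassembling the thread's wrapped syslog lines one per line; the function names and the "expected partition" heuristic (domain zone in DomainDnsZones, _msdcs in ForestDnsZones, as Amitay describes it) are my assumptions.

```python
import re

# Message shapes emitted by Samba's BIND DLZ module at named startup,
# as they appear in the log quoted in the thread above.
ZONE_RE = re.compile(r"samba_dlz: configured writeable zone '([^']+)'")
DUP_RE = re.compile(r"samba_dlz: Ignoring duplicate zone '([^']+)' from '([^']+)'")


def split_dn(dn):
    """Split an LDAP DN into its RDN strings (a comma escaped as '\\,' is kept)."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn)]


def zone_partition(dn):
    """Return the RDN that follows CN=MicrosoftDNS in a DNS object DN, i.e. the
    container holding the zone: DC=DomainDnsZones, DC=ForestDnsZones or
    CN=System (where older AD-integrated zones lived).  'unknown' if the DN
    has no MicrosoftDNS RDN."""
    rdns = split_dn(dn)
    for i, rdn in enumerate(rdns[:-1]):
        if rdn.lower() == "cn=microsoftdns":
            return rdns[i + 1]
    return "unknown"


def expected_partition(zone):
    """Conventional location as described in the thread: _msdcs.<domain> in
    ForestDnsZones, the domain's own zone in DomainDnsZones.  Heuristic only
    (assumption): an admin may legitimately pick another replication scope."""
    return "DC=ForestDnsZones" if zone.lower().startswith("_msdcs.") else "DC=DomainDnsZones"


def zone_container_dn(record_dn):
    """The duplicate-zone message names the zone's '@' record object.  Dropping
    the leading 'DC=@' RDN yields the zone container, which is the object an
    admin would inspect (and which, as the ldbdel error in the thread shows,
    still has record objects as children, so a plain delete is refused)."""
    rdns = split_dn(record_dn)
    if rdns and rdns[0].lower() == "dc=@":
        rdns = rdns[1:]
    return ",".join(rdns)


def parse_dlz_log(lines):
    """Collect the zones the DLZ module accepted and those it ignored as
    duplicates, annotating each duplicate with where it lives."""
    configured, duplicates = [], []
    for line in lines:
        m = ZONE_RE.search(line)
        if m:
            configured.append(m.group(1))
            continue
        m = DUP_RE.search(line)
        if m:
            zone, dn = m.group(1), m.group(2)
            part = zone_partition(dn)
            duplicates.append({
                "zone": zone,
                "dn": dn,
                "container": zone_container_dn(dn),
                "partition": part,
                "expected_partition": expected_partition(zone),
                "misplaced": part != expected_partition(zone),
            })
    return {"configured": configured, "duplicates": duplicates}


def report(result):
    """Human-readable summary, one line per finding."""
    out = [f"{len(result['configured'])} zone(s) configured"]
    for d in result["duplicates"]:
        flag = " (not where this kind of zone usually lives)" if d["misplaced"] else ""
        out.append(f"duplicate '{d['zone']}' ignored; copy found in {d['partition']}{flag}")
        out.append(f"  zone container: {d['container']}")
    return out


# Constructed sample: the thread's wrapped syslog lines reassembled one per line.
SAMPLE_LOG = [
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: started for DN DC=taylortelephone,DC=com",
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone 'example.lan'",
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone '198.89.70.in-addr.arpa'",
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone 'taylortelephone.com'",
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: configured writeable zone '_msdcs.taylortelephone.com'",
    "Oct  2 11:48:45 dc0 named[29090]: samba_dlz: Ignoring duplicate zone 'taylortelephone.com' from "
    "'DC=@,DC=taylortelephone.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=taylortelephone,DC=com'",
    "Oct  2 11:48:45 dc0 named[29090]: using built-in DLV key for view _default",
]

if __name__ == "__main__":
    print("\n".join(report(parse_dlz_log(SAMPLE_LOG))))
```

Run it against a real named log (for example by passing the file's lines to parse_dlz_log) and the summary tells you which partition the ignored copy sits in and which container DN to look at; the "misplaced" flag is only a hint, since the replication scope of a zone is an admin choice, and the container's children (the record objects) are why the ldbdel in the thread reports a non-leaf node.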


