Rowland penny
2016-Jan-04 18:24 UTC
[Samba] How to delete a corrupt record from internal DNS
On 04/01/16 17:23, Ole Traupe wrote:
> No ideas on that?
>
> Ole
>
> On 18.12.2015 at 13:44, Ole Traupe wrote:
>> I accidentally created a SRV record with a false port. I then updated
>> the port but was afraid of any consequences. So I deleted that record
>> again and wanted to re-create it. But now I can't: "The record
>> already exists."
>>
>> Observations:
>>
>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>
>> 2) I also can't delete it via samba-tool (although I could delete
>> its counterpart for the other DC; so the command is ok):
>>
>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>> ERROR: Record does not exist
>>
>> 3) However, it can be found with dig:
>>
>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>
>> ;; ANSWER SECTION:
>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>> ;; WHEN: Thu Dec 17 13:28:06 2015
>> ;; MSG SIZE rcvd: 103
>>
>> So, how do I get rid of this problematic record for my DC2?
>>
>

Hi Ole, can you identify the DN of the record you want to remove?
One way would be with ldbedit:

ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary

and then searching for the record.

Once you have the DN, you may be able to delete the entire record with
ldbdel:

ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>

Rowland
Ole Traupe
[Samba] How to delete a corrupt record from internal DNS
On 04.01.2016 at 19:24, Rowland penny wrote:
> On 04/01/16 17:23, Ole Traupe wrote:
>> No ideas on that?
>>
>> Ole
>>
>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>> I accidentally created a SRV record with a false port. I then
>>> updated the port but was afraid of any consequences. So I deleted
>>> that record again and wanted to re-create it. But now I can't: "The
>>> record already exists."
>>>
>>> Observations:
>>>
>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>
>>> 2) I also can't delete it via samba-tool (although I could delete
>>> its counterpart for the other DC; so the command is ok):
>>>
>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>> ERROR: Record does not exist
>>>
>>> 3) However, it can be found with dig:
>>>
>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>> ; (1 server found)
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>
>>> ;; ANSWER SECTION:
>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>>
>>> ;; Query time: 1 msec
>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>> ;; MSG SIZE rcvd: 103
>>>
>>> So, how do I get rid of this problematic record for my DC2?
>>>
>>
>
> Hi Ole, can you identify the DN of the record you want to remove?
> One way would be with ldbedit:
>
> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>
> and then searching for the record.
>
> Once you have the DN, you may be able to delete the entire record with
> ldbdel:
>
> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>
>
> Rowland
>

Sorry, totally overlooked your posting. Thanks for the suggestion!

With "dn: " you mean this?

"DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld"

Deleting this would delete the record for the 1st_DC as well, right?
The whole "container" (or what appears to be one in the MS DNS console).

Could also try this from there, of course. I only don't want to mess up
even more stuff. ;)

What baffles me: the LDAP database is the basis of Samba's internal
DNS, as well, I guess. Shouldn't I at least see some significant
difference between the correct record for 1st_DC and the faulty one for
2nd_DC?

# record 3236
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150616170609.0Z
uSNCreated: 3532
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.gc
objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
dc: _ldap._tcp.gc
whenChanged: 20160108093106.0Z
uSNChanged: 8590
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength      : 0x001e (30)
    wType            : DNS_TYPE_SRV (33)
    version          : 0x05 (5)
    rank             : DNS_RANK_NONE (0)
    flags            : 0x0000 (0)
    dwSerial         : 0x00000023 (35)
    dwTtlSeconds     : 0x000000b4 (180)
    dwReserved       : 0x00000000 (0)
    dwTimeStamp      : 0x0c83234c (209920844)
    data             : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority    : 0x0000 (0)
        wWeight      : 0x0064 (100)
        wPort        : 0x0cc4 (3268)
        nameTarget   : dc2.my.domain.tld

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength      : 0x001e (30)
    wType            : DNS_TYPE_SRV (33)
    version          : 0x05 (5)
    rank             : DNS_RANK_ZONE (240)
    flags            : 0x0000 (0)
    dwSerial         : 0x00000030 (48)
    dwTtlSeconds     : 0x000000b4 (180)
    dwReserved       : 0x00000000 (0)
    dwTimeStamp      : 0x0ca00cd2 (211815634)
    data             : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority    : 0x0000 (0)
        wWeight      : 0x0064 (100)
        wPort        : 0x0cc4 (3268)
        nameTarget   : dc1.my.domain.tld

distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld

The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try to
adjust this "manually" with ldbedit?

Ole
Rowland penny
2016-Jan-08 10:47 UTC
[Samba] How to delete a corrupt record from internal DNS
On 08/01/16 10:31, Ole Traupe wrote:
> On 04.01.2016 at 19:24, Rowland penny wrote:
>> On 04/01/16 17:23, Ole Traupe wrote:
>>> No ideas on that?
>>>
>>> Ole
>>>
>>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>>> I accidentally created a SRV record with a false port. I then
>>>> updated the port but was afraid of any consequences. So I deleted
>>>> that record again and wanted to re-create it. But now I can't: "The
>>>> record already exists."
>>>>
>>>> Observations:
>>>>
>>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>>
>>>> 2) I also can't delete it via samba-tool (although I could delete
>>>> its counterpart for the other DC; so the command is ok):
>>>>
>>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>>> ERROR: Record does not exist
>>>>
>>>> 3) However, it can be found with dig:
>>>>
>>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>
>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>>
>>>> ;; ANSWER SECTION:
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>>>
>>>> ;; Query time: 1 msec
>>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>>> ;; MSG SIZE rcvd: 103
>>>>
>>>> So, how do I get rid of this problematic record for my DC2?
>>>>
>>>
>>
>> Hi Ole, can you identify the DN of the record you want to remove?
>> One way would be with ldbedit:
>>
>> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>>
>> and then searching for the record.
>>
>> Once you have the DN, you may be able to delete the entire record
>> with ldbdel:
>>
>> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>
>>
>> Rowland
>>
>
> Sorry, totally overlooked your posting. Thanks for the suggestion!
>
> With "dn: " you mean this?
>
> "DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld"
>
> Deleting this would delete the record for the 1st_DC as well, right?
> The whole "container" (or what appears to be one in the MS DNS console).
>
> Could also try this from there, of course. I only don't want to mess
> up even more stuff. ;)
>
> What baffles me: the LDAP database is the basis of Samba's internal
> DNS, as well, I guess. Shouldn't I at least see some significant
> difference between the correct record for 1st_DC and the faulty one for
> 2nd_DC?
>
> # record 3236
> dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150616170609.0Z
> uSNCreated: 3532
> showInAdvancedViewOnly: TRUE
> name: _ldap._tcp.gc
> objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
> dc: _ldap._tcp.gc
> whenChanged: 20160108093106.0Z
> uSNChanged: 8590
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength      : 0x001e (30)
>     wType            : DNS_TYPE_SRV (33)
>     version          : 0x05 (5)
>     rank             : DNS_RANK_NONE (0)
>     flags            : 0x0000 (0)
>     dwSerial         : 0x00000023 (35)
>     dwTtlSeconds     : 0x000000b4 (180)
>     dwReserved       : 0x00000000 (0)
>     dwTimeStamp      : 0x0c83234c (209920844)
>     data             : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority    : 0x0000 (0)
>         wWeight      : 0x0064 (100)
>         wPort        : 0x0cc4 (3268)
>         nameTarget   : dc2.my.domain.tld
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength      : 0x001e (30)
>     wType            : DNS_TYPE_SRV (33)
>     version          : 0x05 (5)
>     rank             : DNS_RANK_ZONE (240)
>     flags            : 0x0000 (0)
>     dwSerial         : 0x00000030 (48)
>     dwTtlSeconds     : 0x000000b4 (180)
>     dwReserved       : 0x00000000 (0)
>     dwTimeStamp      : 0x0ca00cd2 (211815634)
>     data             : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority    : 0x0000 (0)
>         wWeight      : 0x0064 (100)
>         wPort        : 0x0cc4 (3268)
>         nameTarget   : dc1.my.domain.tld
>
> distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>
> The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try
> to adjust this "manually" with ldbedit?
>
> Ole
>

Don't think so, it was trying to change something with ldbedit that
corrupted my AD object, leading me to having to delete the entire record
and recreate it.

Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE"

Rowland