ash-samba at comtek.co.uk
2016-Sep-12 19:23 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On 09/09/16 16:35, lingpanda101--- via samba wrote:
> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>> We appear to have some phantom DNS records on both our domain
>> controllers.
>> [...]
>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
>> [...]
>>
>
> For me I had to use ADSI edit to remove the entries.
>

I've managed to locate the entries using ADSI edit (for any future archive readers, open ADSI edit, and then connect using "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming context; the records are under CN=MicrosoftDNS).

The thing is, if I open, say, DC=_ldap._tcp.dc and then look at dnsRecord, the entries are using some kind of encoding (a series of backslash-prefixed 2-digit hex values).

I'm unsure which records to delete, and I'm somewhat concerned about experimenting since I can't clearly tell what is going on with the regular tools (AD DNS/samba-tool). A possibly greater problem is that I can't actually search to see which records need modification.

Will there be any impact if I just leave the corrupt records in place?

Are there any tools to automate fixing things?

Thanks,
lingpanda101 at gmail.com
2016-Sep-12 19:38 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> On 09/09/16 16:35, lingpanda101--- via samba wrote:
>> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>>> We appear to have some phantom DNS records on both our domain
>>> controllers.
>>> [...]
>>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
>>> [...]
>>>
>>
>> For me I had to use ADSI edit to remove the entries.
>>
> I've managed to locate the entries using ADSI edit ( for any future
> archive readers, open ADSI edit, and then connect using
> "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> context, the records are under CN=MicrosoftDNS).
>
> The thing is, if I open, say DC=_ldap._tcp.dc and then look at dnsRecord
> the entries are using some kind of encoding (a series of backslash
> prefixed 2 digit hex values).
>
> I'm unsure which records to delete, and I'm somewhat concerned about
> experimenting since I can't clearly tell what is going on with the
> regular tools (AD DNS/samba-tool). A possibly greater problem is that I
> can't actually search to see which records need modification.
>
> Will there be any impact if I just leave the corrupt records in place?
>
> Are there any tools to automate fixing things?
>
> Thanks,
>

I assume you made a typo? Shouldn't it be 'DC=ForestDNSZones,dc=domain,dc=com'?

Can you copy and paste exactly what the record looks like? I wouldn't delete anything unless absolutely sure.

-- 
-James
lingpanda101 at gmail.com
2016-Sep-12 19:41 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> On 09/09/16 16:35, lingpanda101--- via samba wrote:
>> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>>> We appear to have some phantom DNS records on both our domain
>>> controllers.
>>> [...]
>>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
>>> [...]
>>>
>>
>> For me I had to use ADSI edit to remove the entries.
>>
> I've managed to locate the entries using ADSI edit ( for any future
> archive readers, open ADSI edit, and then connect using
> "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> context, the records are under CN=MicrosoftDNS).
>
> The thing is, if I open, say DC=_ldap._tcp.dc and then look at dnsRecord
> the entries are using some kind of encoding (a series of backslash
> prefixed 2 digit hex values).
>
> I'm unsure which records to delete, and I'm somewhat concerned about
> experimenting since I can't clearly tell what is going on with the
> regular tools (AD DNS/samba-tool). A possibly greater problem is that I
> can't actually search to see which records need modification.
>
> Will there be any impact if I just leave the corrupt records in place?
>
> Are there any tools to automate fixing things?
>
> Thanks,
>

I see what you mean by the value of DNS. That's normal. It's in hexadecimal.

-- 
-James
Rowland Penny
2016-Sep-12 19:47 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On Mon, 12 Sep 2016 15:41:24 -0400 lingpanda101--- via samba <samba at lists.samba.org> wrote:
> On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> > On 09/09/16 16:35, lingpanda101--- via samba wrote:
> >> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
> >>> We appear to have some phantom DNS records on both our domain
> >>> controllers.
> >>> [...]
> >>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
> >>> [...]
> >>>
> >>
> >> For me I had to use ADSI edit to remove the entries.
> >>
> > I've managed to locate the entries using ADSI edit ( for any future
> > archive readers, open ADSI edit, and then connect using
> > "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> > context, the records are under CN=MicrosoftDNS).
> >
> > The thing is, if I open, say DC=_ldap._tcp.dc and then look at
> > dnsRecord the entries are using some kind of encoding (a series of
> > backslash prefixed 2 digit hex values).
> >
> > I'm unsure which records to delete, and I'm somewhat concerned about
> > experimenting since I can't clearly tell what is going on with the
> > regular tools (AD DNS/samba-tool). A possibly greater problem is
> > that I can't actually search to see which records need modification.
> >
> > Will there be any impact if I just leave the corrupt records in
> > place?
> >
> > Are there any tools to automate fixing things?
> >
> > Thanks,
> >
>
> I see what you mean by the value of DNS. That's normal. It's in
> hexadecimal.
>

Not if you know what tool to use, where to use it and the magic incantation ;-)

# editing 1 records
# record 1
dn: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20151106115626.0Z
whenChanged: 20151106115626.0Z
uSNCreated: 3683
uSNChanged: 3683
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.pdc
objectGUID: 77be2b80-e5c7-46bb-a410-7d7c5c02efa7
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength              : 0x0020 (32)
    wType                    : DNS_TYPE_SRV (33)
    version                  : 0x05 (5)
    rank                     : DNS_RANK_ZONE (240)
    flags                    : 0x0000 (0)
    dwSerial                 : 0x00000001 (1)
    dwTtlSeconds             : 0x00000384 (900)
    dwReserved               : 0x00000000 (0)
    dwTimeStamp              : 0x00000000 (0)
    data                     : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority            : 0x0000 (0)
        wWeight              : 0x0064 (100)
        wPort                : 0x0185 (389)
        nameTarget           : dc1.samdom.example.com
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: _ldap._tcp.pdc
distinguishedName: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

And to get it editable:

ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs --show-binary -b 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com' -s base

All on one line, run on a DC.

Rowland
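The dnsRecord values the original poster saw as backslash-prefixed hex, and that Rowland's ldbedit --show-binary dump renders as struct dnsp_DnssrvRpcRecord, are the same binary blob. The following Python is an added example, not code from this thread or from the Samba project: it decodes such a blob into the fields ndr_print shows, and rebuilds one from the values in Rowland's dump so the layout can be checked offline. The byte layout used here (little-endian header with a big-endian dwTtlSeconds, big-endian SRV priority/weight/port, targets as DNS_COUNT_NAME) is my reading of MS-DNSP DNS_RPC_RECORD and Samba's dnsp.idl and should be treated as an assumption; the from_adsi_escaped helper assumes the `\xx`-per-byte rendering the poster described, and the sample blob is constructed rather than captured from a real DC.

```python
"""Decode the binary dnsRecord attribute of AD/Samba dnsNode objects.

Added example, not code from the thread or from the Samba project.
Layout assumed from MS-DNSP DNS_RPC_RECORD / Samba's dnsp.idl:
header integers little-endian except dwTtlSeconds (big-endian),
SRV wPriority/wWeight/wPort big-endian, names as DNS_COUNT_NAME.
"""
import struct

DNS_TYPE_TOMBSTONE, DNS_TYPE_A, DNS_TYPE_NS, DNS_TYPE_CNAME, DNS_TYPE_SRV = 0, 1, 2, 5, 33
DNS_RANK_ZONE = 240

_HDR = struct.Struct("<HHBBHI")  # wDataLength wType version rank flags dwSerial
_TTL = struct.Struct(">I")       # dwTtlSeconds, stored big-endian
_TAIL = struct.Struct("<II")     # dwReserved dwTimeStamp
_SRV = struct.Struct(">HHH")     # wPriority wWeight wPort, big-endian
HEADER_LEN = _HDR.size + _TTL.size + _TAIL.size  # 24 bytes before the data union


def from_adsi_escaped(text):
    """Convert the '\\20\\00\\21...' rendering the poster described into bytes
    (assumption: every byte is shown as a backslash followed by two hex digits)."""
    return bytes(int(p, 16) for p in text.split("\\") if p)


def encode_count_name(name):
    """Build a DNS_COUNT_NAME: cchNameLength, labelCount, length-prefixed labels, 0x00."""
    labels = name.split(".")
    raw = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return bytes([len(raw), len(labels)]) + raw


def parse_count_name(buf, off):
    """Parse a DNS_COUNT_NAME at buf[off:]; return (dotted name, offset after it)."""
    cch, label_count = buf[off], buf[off + 1]
    pos, end, labels = off + 2, off + 2 + cch, []
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:  # zero-length label terminates the name
            break
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    if pos != end or len(labels) != label_count:
        raise ValueError("malformed DNS_COUNT_NAME at offset %d" % off)
    return ".".join(labels), end


def parse_dns_record(blob):
    """Decode one dnsRecord value into a dict of the fields ndr_print shows."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than the 24-byte dnsp_DnssrvRpcRecord header")
    data_len, rtype, version, rank, flags, serial = _HDR.unpack_from(blob, 0)
    (ttl,) = _TTL.unpack_from(blob, _HDR.size)
    reserved, timestamp = _TAIL.unpack_from(blob, _HDR.size + _TTL.size)
    data = blob[HEADER_LEN:HEADER_LEN + data_len]
    if len(data) != data_len:
        raise ValueError("wDataLength %d runs past end of blob" % data_len)
    rec = {"wDataLength": data_len, "wType": rtype, "version": version, "rank": rank,
           "flags": flags, "dwSerial": serial, "dwTtlSeconds": ttl,
           "dwReserved": reserved, "dwTimeStamp": timestamp}
    if rtype == DNS_TYPE_SRV:
        prio, weight, port = _SRV.unpack_from(data, 0)
        target, _ = parse_count_name(data, _SRV.size)
        rec.update(type="SRV", wPriority=prio, wWeight=weight, wPort=port, nameTarget=target)
    elif rtype == DNS_TYPE_A:
        rec.update(type="A", address=".".join(str(b) for b in data[:4]))
    elif rtype in (DNS_TYPE_NS, DNS_TYPE_CNAME):
        rec.update(type="NS" if rtype == DNS_TYPE_NS else "CNAME",
                   nameTarget=parse_count_name(data, 0)[0])
    elif rtype == DNS_TYPE_TOMBSTONE:
        rec.update(type="TOMBSTONE")  # deleted record kept until scavenged
    else:
        rec.update(type="TYPE%d" % rtype, rawData=data.hex())
    return rec


def build_srv_record(priority, weight, port, target, ttl=900, serial=1):
    """Encode an SRV dnsRecord (version 5, DNS_RANK_ZONE) for round-trip checks."""
    data = _SRV.pack(priority, weight, port) + encode_count_name(target)
    return (_HDR.pack(len(data), DNS_TYPE_SRV, 5, DNS_RANK_ZONE, 0, serial)
            + _TTL.pack(ttl) + _TAIL.pack(0, 0) + data)


def describe(rec):
    """One-line summary, handy for grepping a whole zone's decoded records."""
    if rec["type"] == "SRV":
        return "SRV %d %d %d %s ttl=%d" % (rec["wPriority"], rec["wWeight"],
                                          rec["wPort"], rec["nameTarget"], rec["dwTtlSeconds"])
    if rec["type"] == "A":
        return "A %s ttl=%d" % (rec["address"], rec["dwTtlSeconds"])
    if "nameTarget" in rec:
        return "%s %s ttl=%d" % (rec["type"], rec["nameTarget"], rec["dwTtlSeconds"])
    return rec["type"]


# Constructed sample: the record from Rowland's dump, rendered the way the
# poster saw it (backslash-hex), so the decoder can be exercised offline.
SAMPLE_ADSI = "".join("\\%02x" % b for b in build_srv_record(0, 100, 389, "dc1.samdom.example.com"))

if __name__ == "__main__":
    print(describe(parse_dns_record(from_adsi_escaped(SAMPLE_ADSI))))
```

Decoding every dnsRecord value on the dnsNode objects under CN=MicrosoftDNS (ldbsearch or any LDAP client will return them as raw octet strings) and printing describe() for each gives a text listing that can be diffed against what dig returns from the same DC. Entries that decode to DNS_TYPE_TOMBSTONE, or to targets that no longer exist, are the ones worth inspecting with Rowland's ldbedit invocation; the round-trip through build_srv_record is there to confirm the assumed layout against the wDataLength of 32 shown in his dump before trusting the decoder on real data.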