Thomas Simmons
2013-Mar-20 13:05 UTC
[Samba] Clients no longer updating DNS & unable to delete MX records
Hello,

After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools "see" the record but report it does not exist when I attempt to delete it. I can create new MX records, but cannot delete them. I can create and delete both A and CNAME records. The same behavior occurs under all zones. I can create and delete new forward lookup zones.

[root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:adc1[,sign]
Name=, Records=3, Children=0
MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900)

[root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv MX 'mailsrv.internal.testdom.com 10'
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:adc1[,sign]
ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py", line 1169, in run
    del_rec_buf)
Thomas Simmons
2013-Mar-20 19:29 UTC
[Samba] Clients no longer updating DNS & unable to delete MX records
On Wed, Mar 20, 2013 at 9:05 AM, Thomas Simmons <twsnnva at gmail.com> wrote:
> Hello,
>
> After noticing some odd behavior on my domain, I realized that many of my
> DNS records are incorrect and that clients are no longer properly updating
> DNS. While looking into this, I also discovered that I am unable to delete
> MX records via AD DNS Manager or samba-tool. Both tools "see" the record
> but report it does not exist when I attempt to delete it. I can create new
> MX records, but cannot delete them. I can create and delete both A and
> CNAME records. The same behavior occurs under all zones. I can create and
> delete new forward lookup zones.
>
> [root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:adc1[,sign]
> Name=, Records=3, Children=0
> MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900)
>
> [root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv
> MX 'mailsrv.internal.testdom.com 10'
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:adc1[,sign]
> ERROR(runtime): uncaught exception - (9701,
> 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py",
> line 1169, in run
> del_rec_buf)
>
>

With log level = 10, when attempting to delete the record, it appears to find it, but reports it doesn't exist anyway. Has anyone seen this behavior before? The last DNS update was nearly 2 weeks ago and I am not aware of anything that happened around that time that would have triggered this. I don't know if this MX problem and the clients being unable to update DNS are related.

[2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_request: SEARCH
  dn: DC=internal.testdom.com
   ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com
  scope: one
  expr: (&(objectClass=dnsNode)(name=mailsrv))
  attr: dnsRecord
  control: <NONE>
[2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_request: (resolve_oids)->search
...
...
...
[2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_response: ENTRY
  dn: DC=mailsrv,DC=internal.testdom.com
   ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com
  dnsRecord:: IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX
   lzZXMDY29tAA=
  dnsRecord:: EAAPAAXwAAA+AAAAAAAAAAAAAADcIjcAAAoMAgZnb29nbGUDY29tAA=
  dnsRecord:: IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX
   lzZXMDY29tAA=
[2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug)
  ldb: ldb_trace_response: DONE
  error: 0
[2013/03/20 13:52:20, 1, pid=2064, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug)
  DnssrvUpdateRecord2: struct DnssrvUpdateRecord2
  out: struct DnssrvUpdateRecord2
  result : WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST
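
Added example, not part of the original thread and not Samba's own code: a small Python decoder for the three dnsRecord values in the ldb trace above, so the stored entries can be compared with what samba-tool reports. It assumes the dnsRecord layout documented in MS-DNSP (24-byte header followed by type-specific data); the function names are hypothetical, and the padding repair is needed only because the archived copy of the base64 has lost a trailing '='.

```python
import base64
import struct
from collections import Counter

# dnsRecord values copied from the ldb trace above, LDIF line folds joined.
RAW_VALUES = [
    "IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YXlzZXMDY29tAA=",
    "EAAPAAXwAAA+AAAAAAAAAAAAAADcIjcAAAoMAgZnb29nbGUDY29tAA=",
    "IgAPAAXwAAAEAAAAAAADhAAAAAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YXlzZXMDY29tAA=",
]

def b64(value):
    """Base64-decode, restoring '=' padding missing from the archived copy."""
    s = "".join(value.split()).rstrip("=")
    return base64.b64decode(s + "=" * (-len(s) % 4))

def parse_dns_record(blob):
    """Parse the 24-byte dnsRecord header, plus the data of an MX record."""
    if len(blob) < 24:
        raise ValueError("shorter than the 24-byte header")
    length, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)        # TTL is stored big-endian
    (timestamp,) = struct.unpack_from("<I", blob, 20)  # hours since 1601-01-01
    data = blob[24:]
    if len(data) != length:
        raise ValueError("DataLength does not match the data present")
    rec = {"type": rtype, "rank": rank, "serial": serial, "ttl": ttl,
           "timestamp": timestamp}
    if rtype == 15:  # MX: big-endian preference, then a counted name
        (rec["preference"],) = struct.unpack_from(">H", data, 0)
        label_count, pos, labels = data[3], 4, []
        for _ in range(label_count):
            n = data[pos]
            labels.append(data[pos + 1:pos + 1 + n].decode("ascii", "replace"))
            pos += 1 + n
        rec["name"] = ".".join(labels)
    return rec

def duplicate_values(raw_values):
    """Return parsed records whose encoded value occurs more than once."""
    counts = Counter(b64(v) for v in raw_values)
    return [parse_dns_record(blob) for blob, n in counts.items() if n > 1]

if __name__ == "__main__":
    for value in RAW_VALUES:
        print(parse_dns_record(b64(value)))
    print("duplicated:", duplicate_values(RAW_VALUES))
```

On the values in the trace, the first and third decode to the same MX entry (preference 10, serial 4, ttl 900, rank 0xf0, matching the samba-tool query output) and the second to an MX for google.com with serial 62.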