I accidentally created a SRV record with a false port. I then updated the port but was afraid of any consequences. So I deleted that record again and wanted to re-create it. But now I can't: "The record already exists."

Observations:

1) I can't see it in the RSAT DNS GUI, so I can't delete it there.

2) I also can't delete it via samba-tool (although I could delete its counterpart for the other DC; so the command is ok):

# samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
ERROR: Record does not exist

3) However, it can be found with dig:

# dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV

;; ANSWER SECTION:
_ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
_ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.

;; Query time: 1 msec
;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
;; WHEN: Thu Dec 17 13:28:06 2015
;; MSG SIZE rcvd: 103

So, how do I get rid of this problematic record for my DC2?
No ideas on that?

Ole

On 18.12.2015 at 13:44, Ole Traupe wrote:
> I accidentally created a SRV record with a false port. I then updated
> the port but was afraid of any consequences. So I deleted that record
> again and wanted to re-create it. But now I can't: "The record already
> exists."
>
> Observations:
>
> 1) I can't see it in the RSAT DNS GUI, so I can't delete it there.
>
> 2) I also can't delete it via samba-tool (although I could delete its
> counterpart for the other DC; so the command is ok):
>
> # samba-tool dns delete DC1 _msdcs.my.domain.tld
> _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
> ERROR: Record does not exist
>
> 3) However, it can be found with dig:
>
> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1
> _ldap._tcp.gc._msdcs.my.domain.tld SRV
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>
> ;; ANSWER SECTION:
> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
> dc1.my.domain.tld.
> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
> dc2.my.domain.tld.
>
> ;; Query time: 1 msec
> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
> ;; WHEN: Thu Dec 17 13:28:06 2015
> ;; MSG SIZE rcvd: 103
>
> So, how do I get rid of this problematic record for my DC2?
Rowland Penny
2016-Jan-04 18:24 UTC
[Samba] How to delete a corrupt record from internal DNS
On 04/01/16 17:23, Ole Traupe wrote:
> No ideas on that?
>
> Ole
>
> On 18.12.2015 at 13:44, Ole Traupe wrote:
>> I accidentally created a SRV record with a false port. I then updated
>> the port but was afraid of any consequences. So I deleted that record
>> again and wanted to re-create it. But now I can't: "The record
>> already exists."
>>
>> Observations:
>>
>> 1) I can't see it in the RSAT DNS GUI, so I can't delete it there.
>>
>> 2) I also can't delete it via samba-tool (although I could delete
>> its counterpart for the other DC; so the command is ok):
>>
>> # samba-tool dns delete DC1 _msdcs.my.domain.tld
>> _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>> ERROR: Record does not exist
>>
>> 3) However, it can be found with dig:
>>
>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1
>> _ldap._tcp.gc._msdcs.my.domain.tld SRV
>> ; (1 server found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>
>> ;; ANSWER SECTION:
>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
>> dc1.my.domain.tld.
>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268
>> dc2.my.domain.tld.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>> ;; WHEN: Thu Dec 17 13:28:06 2015
>> ;; MSG SIZE rcvd: 103
>>
>> So, how do I get rid of this problematic record for my DC2?

Hi Ole, can you identify the DN of the record you want to remove? One way would be with ldbedit:

    ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary

and then searching for the record.

Once you have the DN, you may be able to delete the entire record with ldbdel:

    ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>

Rowland
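
Added example, not part of the thread and not Samba project code: a non-interactive way to find the DN that the reply above asks for, by filtering ldbsearch output instead of searching inside ldbedit. It rejoins LDIF continuation lines so a long DN is not copied in truncated form. The function names and the sample LDIF are constructed for illustration, and the DN layout under CN=MicrosoftDNS,DC=ForestDnsZones is an assumption.

```shell
#!/bin/sh
# Added example: locate the DN of the dnsNode object behind a DNS name so it
# can be reviewed before it is handed to ldbdel.
# Real use (the path is a placeholder, as in the reply above):
#   ldbsearch -H /path/to/private/sam.ldb --cross-ncs \
#       '(objectClass=dnsNode)' dn name | dns_node_dn _ldap._tcp.gc

# unfold_ldif: join LDIF continuation lines (a line that starts with one
# space continues the previous line), so folded DNs come out whole.
unfold_ldif() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
        { if (started) print buf; buf = $0; started = 1 }
        END   { if (started) print buf }
    '
}

# dns_node_dn NAME: print the dn of every entry whose name attribute is NAME.
dns_node_dn() {
    unfold_ldif | awk -v want="$1" '
        /^dn: /   { dn = substr($0, 5); next }
        /^name: / { if (substr($0, 7) == want) print dn }
        /^$/      { dn = "" }
    '
}

# Constructed sample in ldbsearch output format (not taken from the
# poster's server); the DN layout is an assumption.
sample_ldif() {
    cat <<'EOF'
# record 1
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZon
 es,DC=my,DC=domain,DC=tld
name: _ldap._tcp.gc

# record 2
dn: DC=_ldap._tcp.pdc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZo
 nes,DC=my,DC=domain,DC=tld
name: _ldap._tcp.pdc

EOF
}

# Demo on the constructed sample: prints the single, unfolded DN.
sample_ldif | dns_node_dn _ldap._tcp.gc
```

Both SRV answers in the dig output share one name, so they are values on the same dnsNode object; deleting that object removes the dc1 entry as well, which then has to be re-created. Saving the object's LDIF from ldbsearch before running ldbdel keeps a copy to restore from.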