Rowland penny
2016-Jan-08 10:47 UTC
[Samba] How to delete a corrupt record from internal DNS
On 08/01/16 10:31, Ole Traupe wrote:
> On 04.01.2016 at 19:24, Rowland penny wrote:
>> On 04/01/16 17:23, Ole Traupe wrote:
>>> No ideas on that?
>>>
>>> Ole
>>>
>>> On 18.12.2015 at 13:44, Ole Traupe wrote:
>>>> I accidentally created a SRV record with a false port. I then
>>>> updated the port but was afraid of any consequences. So I deleted
>>>> that record again and wanted to re-create it. But now I can't: "The
>>>> record already exists."
>>>>
>>>> Observations:
>>>>
>>>> 1) I can't see it in the RSAT DNS gui, so I can't delete it there.
>>>>
>>>> 2) I also can't delete it via samba-tool (although I could delete
>>>> its counterpart for the other DC; so the command is ok):
>>>>
>>>> # samba-tool dns delete DC1 _msdcs.my.domain.tld _ldap._tcp.gc._msdcs.my.domain.tld SRV "dc2.my.domain.tld 3268 0 100"
>>>> ERROR: Record does not exist
>>>>
>>>> 3) However, it can be found with dig:
>>>>
>>>> # dig @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>>
>>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @DC1 _ldap._tcp.gc._msdcs.my.domain.tld SRV
>>>> ; (1 server found)
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28612
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;_ldap._tcp.gc._msdcs.my.domain.tld. IN SRV
>>>>
>>>> ;; ANSWER SECTION:
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc1.my.domain.tld.
>>>> _ldap._tcp.gc._msdcs.my.domain.tld. 180 IN SRV 0 100 3268 dc2.my.domain.tld.
>>>>
>>>> ;; Query time: 1 msec
>>>> ;; SERVER: IP_of_1stDC#53(IP_of_1stDC)
>>>> ;; WHEN: Thu Dec 17 13:28:06 2015
>>>> ;; MSG SIZE rcvd: 103
>>>>
>>>> So, how do I get rid of this problematic record for my DC2?
>>
>> Hi Ole, can you identify the DN of the record you want to remove?
>> One way would be with ldbedit:
>> ldbedit -e nano -H /path/to/private/sam.ldb --cross-ncs --show-binary
>>
>> and then searching for the record.
>>
>> Once you have the DN, you may be able to delete the entire record
>> with ldbdel:
>>
>> ldbdel -H /path/to/private/sam.ldb --cross-ncs <the object DN (without the 'dn: ')>
>>
>> Rowland
>
> Sorry, totally overlooked your posting. Thanks for the suggestion!
>
> with "dn: " you mean this?
>
> "DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld"
>
> Deleting this would delete the record for the 1st_DC as well, right?
> The whole "container" (or what appears to be one in the MS DNS console).
>
> Could also try this from there, of course. I only don't want to mess
> up even more stuff. ;)
>
> What baffles me: the LDAP database is the basis of Samba's internal
> DNS, as well, I guess. Shouldn't I at least see some significant
> difference between the correct record for 1st_DC and the faulty for
> 2nd_DC?
>
> # record 3236
> dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150616170609.0Z
> uSNCreated: 3532
> showInAdvancedViewOnly: TRUE
> name: _ldap._tcp.gc
> objectGUID: f72085bb-d317-4a22-82d3-760ab476b3db
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=my,DC=domain,DC=tld
> dc: _ldap._tcp.gc
> whenChanged: 20160108093106.0Z
> uSNChanged: 8590
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x001e (30)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_NONE (0)
>     flags : 0x0000 (0)
>     dwSerial : 0x00000023 (35)
>     dwTtlSeconds : 0x000000b4 (180)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x0c83234c (209920844)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0cc4 (3268)
>         nameTarget : dc2.my.domain.tld
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x001e (30)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_ZONE (240)
>     flags : 0x0000 (0)
>     dwSerial : 0x00000030 (48)
>     dwTtlSeconds : 0x000000b4 (180)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x0ca00cd2 (211815634)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0cc4 (3268)
>         nameTarget : dc1.my.domain.tld
>
> distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
>
> The only difference I see is the "DNS_RANK_NONE (0)". Couldn't I try
> to adjust this "manually" with ldbedit?
>
> Ole

Don't think so, it was trying to change something with ldbedit that corrupted my AD object, leading me to having to delete the entire record and recreate it.
Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE"

Rowland
On 08.01.2016 at 11:47, Rowland penny wrote:
> Don't think so, it was trying to change something with ldbedit that
> corrupted my AD object, leading me to having to delete the entire
> record and recreate it.
> Bear with me, I am trying to figure out how to alter "DNS_RANK_NONE"
>
> Rowland

If you say it is safe to delete (and recreate) the entire container including the record for the 1st_DC... then I will just do that. From an earlier post (to me directly) I take it, you did it without any hassle.
On 08.01.2016 at 12:03, Ole Traupe wrote:
> If you say it is safe to delete (and recreate) the entire container
> including the record for the 1st_DC... then I will just do that. From
> an earlier post (to me directly) I take it, you did it without any
> hassle.

Because the RANK might or might not solve the problem.
Rowland penny
2016-Jan-08 11:11 UTC
[Samba] How to delete a corrupt record from internal DNS
On 08/01/16 11:03, Ole Traupe wrote:
> If you say it is safe to delete (and recreate) the entire container
> including the record for the 1st_DC... then I will just do that. From
> an earlier post (to me directly) I take it, you did it without any
> hassle.

As I said, the only hassle I had was that when I tried to recreate the second DC record, I was told that the record already existed, and when I checked again, it did exist. If you do go down this path and delete the entire dns record, can I suggest you recreate the faulty record first and then add the other.

Rowland
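
An added example, not part of the original thread and not Samba project code: a small parser for the `--show-binary` dump quoted above that lists every dnsRecord value on a dnsNode with its target, port and rank, so the comparison made by eye in the thread can be repeated across many nodes. It assumes the indented layout shown in the sample and uses DNS_RANK_ZONE, the rank of the record that samba-tool could still handle, as a baseline; the thread does not establish that rank is the cause. The names `parse_dns_records` and `rank_report` are hypothetical.

```python
import re

# Constructed sample: the two dnsRecord values from the dump quoted in the
# thread, trimmed to the fields used here; the indentation is an assumption.
SAMPLE = """\
dn: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType                    : DNS_TYPE_SRV (33)
    rank                     : DNS_RANK_NONE (0)
    dwSerial                 : 0x00000023 (35)
    data                     : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPort                    : 0x0cc4 (3268)
        nameTarget               : dc2.my.domain.tld

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType                    : DNS_TYPE_SRV (33)
    rank                     : DNS_RANK_ZONE (240)
    dwSerial                 : 0x00000030 (48)
    data                     : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPort                    : 0x0cc4 (3268)
        nameTarget               : dc1.my.domain.tld

distinguishedName: DC=_ldap._tcp.gc,DC=_msdcs.my.domain.tld,CN=MicrosoftDNS,DC=ForestDnsZones,DC=my,DC=domain,DC=tld
"""

# An indented "name : value" line inside one NDR-printed dnsRecord value.
FIELD = re.compile(r"^\s+(\w+)\s*:\s+(.*?)\s*$")


def parse_dns_records(dump):
    """Return (dn, [field dict per dnsRecord value]) from a --show-binary dump."""
    dn, records, current = None, [], None
    for line in dump.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith("dnsRecord:"):
            current = {}
            records.append(current)
        elif current is not None:
            if line and not line[0].isspace():
                current = None  # an unindented attribute ends the value
                continue
            match = FIELD.match(line)
            if match:
                current[match.group(1)] = match.group(2)
    return dn, records


def rank_report(dump, baseline="DNS_RANK_ZONE"):
    """Summarise each value and mark those whose rank differs from the baseline."""
    dn, records = parse_dns_records(dump)
    report = []
    for rec in records:
        rank = rec.get("rank", "?").split()[0]
        port = int(rec["wPort"].split()[0], 16) if "wPort" in rec else None
        report.append({"target": rec.get("nameTarget"), "port": port,
                       "rank": rank, "differs": rank != baseline})
    return dn, report


if __name__ == "__main__":
    node, rows = rank_report(SAMPLE)
    print(node)
    for row in rows:
        print(row)
```

Input of this shape can be taken read-only with `ldbsearch -H /path/to/private/sam.ldb --cross-ncs --show-binary -b '<the object DN>' -s base dnsRecord`; keeping that output also records the node's state before any ldbdel.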