ash-samba at comtek.co.uk
2016-Sep-09 14:59 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
We appear to have some phantom DNS records on both our domain controllers. We can see the records using "dig", but not with samba-tool. We can't remove the records either. (v-ward and v-fief are the DCs, Hawaii and Alaska are old DCs which were demoted without errors, I'm trying to clean up some DNS records which don't seem to have been cleaned). All machines are 4.2.10-Debian Can anybody advise how I can fix this? Ideally in this case there would only be two records. Console output follows Thanks, root at v-ward# samba-tool dns query v-ward _msdcs.chester-dc.example.com _ldap._tcp.dc srv Password for [ash at CHESTER-DC.EXAMPLE.COM]: Name=, Records=3, Children=0 SRV: HAWAII.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=900) SRV: ALASKA.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=900) SRV: v-fief.chester-dc.example.com. (389, 0, 100) (flags=f0, serial=110, ttl=0) root at v-ward# samba-tool dns delete v-ward _msdcs.chester-dc.example.com _ldap._tcp.dc srv "v-ward.chester-dc. 389 0 100" Password for [ash at CHESTER-DC.EXAMPLE.COM]: ERROR: Record does not exist #(10.4.4.155 is samba on v-ward) # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155 ; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14081 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;_ldap._tcp.dc._msdcs.chester-dc.example.com. IN SRV ;; ANSWER SECTION: _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389 HAWAII.chester-dc.example.com. _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389 ALASKA.chester-dc.example.com. _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 v-fief.chester-dc.example.com. _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 v-ward.chester-dc.example.com. _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 v-ward.chester-dc.co.uk. _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 v-ward.chester-dc. ;; Query time: 0 msec ;; SERVER: 10.4.4.155#53(10.4.4.155) ;; WHEN: Fri Sep 09 15:38:48 BST 2016 ;; MSG SIZE rcvd: 245 # testparm Load smb config files from /etc/samba/smb.conf Processing section "[netlogon]" Processing section "[sysvol]" Loaded services file OK. Server role: ROLE_ACTIVE_DIRECTORY_DC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = CHESTER-DC realm = CHESTER-DC.EXAMPLE.COM server role = active directory domain controller passdb backend = samba_dsdb log file = /var/log/samba/log.%m max log size = 1000 client ldap sasl wrapping = plain ldap server require strong auth = No load printers = No cups server = printers.example.com panic action = /usr/share/samba/panic-action %d dns forwarder = 10.4.4.10 rpc_server:tcpip = no rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external winbindd:use external pipes = true acl:read = false rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded idmap config chester-dc : range = 1000-999999 idmap config chester-dc : backend = ad idmap config * : range = 1000000-1999999 idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb map archive = No map readonly = no store dos attributes = Yes include = /etc/samba/smb.common vfs objects = dfs_samba4 acl_xattr
lingpanda101 at gmail.com
2016-Sep-09 15:35 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:> We appear to have some phantom DNS records on both our domain > controllers. > > We can see the records using "dig", but not with samba-tool. We can't > remove the records either. > > (v-ward and v-fief are the DCs, Hawaii and Alaska are old DCs which > were demoted without errors, I'm trying to clean up some DNS records > which don't seem to have been cleaned). > > All machines are 4.2.10-Debian > > Can anybody advise how I can fix this? Ideally in this case there > would only be two records. > > Console output follows > > Thanks, > > > > root at v-ward# samba-tool dns query v-ward _msdcs.chester-dc.example.com > _ldap._tcp.dc srv > Password for [ash at CHESTER-DC.EXAMPLE.COM]: > Name=, Records=3, Children=0 > SRV: HAWAII.chester-dc.example.com. (389, 0, 100) (flags=f0, > serial=110, ttl=900) > SRV: ALASKA.chester-dc.example.com. (389, 0, 100) (flags=f0, > serial=110, ttl=900) > SRV: v-fief.chester-dc.example.com. (389, 0, 100) (flags=f0, > serial=110, ttl=0) > > root at v-ward# samba-tool dns delete v-ward > _msdcs.chester-dc.example.com _ldap._tcp.dc srv "v-ward.chester-dc. > 389 0 100" > Password for [ash at CHESTER-DC.EXAMPLE.COM]: > ERROR: Record does not exist > > #(10.4.4.155 is samba on v-ward) > # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155 > > ; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> > _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14081 > ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 6, AUTHORITY: 0, > ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;_ldap._tcp.dc._msdcs.chester-dc.example.com. IN SRV > > ;; ANSWER SECTION: > _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389 > HAWAII.chester-dc.example.com. > _ldap._tcp.dc._msdcs.chester-dc.example.com. 900 IN SRV 0 100 389 > ALASKA.chester-dc.example.com. > _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 > v-fief.chester-dc.example.com. > _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 > v-ward.chester-dc.example.com. > _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 > v-ward.chester-dc.co.uk. > _ldap._tcp.dc._msdcs.chester-dc.example.com. 0 IN SRV 0 100 389 > v-ward.chester-dc. > > ;; Query time: 0 msec > ;; SERVER: 10.4.4.155#53(10.4.4.155) > ;; WHEN: Fri Sep 09 15:38:48 BST 2016 > ;; MSG SIZE rcvd: 245 > > # testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[netlogon]" > Processing section "[sysvol]" > Loaded services file OK. > Server role: ROLE_ACTIVE_DIRECTORY_DC > > Press enter to see a dump of your service definitions > > # Global parameters > [global] > workgroup = CHESTER-DC > realm = CHESTER-DC.EXAMPLE.COM > server role = active directory domain controller > passdb backend = samba_dsdb > log file = /var/log/samba/log.%m > max log size = 1000 > client ldap sasl wrapping = plain > ldap server require strong auth = No > load printers = No > cups server = printers.example.com > panic action = /usr/share/samba/panic-action %d > dns forwarder = 10.4.4.10 > rpc_server:tcpip = no > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > winbindd:use external pipes = true > acl:read = false > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > idmap config chester-dc : range = 1000-999999 > idmap config chester-dc : backend = ad > idmap config * : range = 1000000-1999999 > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > map archive = No > map readonly = no > store dos attributes = Yes > include = /etc/samba/smb.common > vfs objects = dfs_samba4 acl_xattr > > >For me I had to use ADSI edit to remove the entries. -- -James
Seemingly Similar Threads
- Phantom DNS records visible with dig, but not samba-tool dns
- Phantom DNS records visible with dig, but not samba-tool dns
- Phantom DNS records visible with dig, but not samba-tool dns
- Phantom DNS records visible with dig, but not samba-tool dns
- Phantom DNS records visible with dig, but not samba-tool dns