Rowland Penny
2016-Sep-12 19:47 UTC
[Samba] Phantom DNS records visible with dig, but not samba-tool dns
On Mon, 12 Sep 2016 15:41:24 -0400 lingpanda101--- via samba <samba at lists.samba.org> wrote:

> On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
> > On 09/09/16 16:35, lingpanda101--- via samba wrote:
> >> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
> >>> We appear to have some phantom DNS records on both our domain
> >>> controllers.
> >>> [...]
> >>> # dig _ldap._tcp.dc._msdcs.chester-dc.example.com srv @10.4.4.155
> >>> [...]
> >>>
> >>
> >> For me I had to use ADSI edit to remove the entries.
> >>
> > I've managed to locate the entries using ADSI edit ( for any future
> > archive readers, open ADSI edit, and then connect using
> > "DC=ForestDCZones,dc=chester-dc,dc=example,dc=com" as the naming
> > context, the records are under CN=MicrosoftDNS).
> >
> > The thing is, if I open, say DC=_ldap._tcp.dc and then look at
> > dnsRecord the entries are using some kind of encoding (a series of
> > backslash prefixed 2 digit hex values).
> >
> > I'm unsure which records to delete, and I'm somewhat concerned about
> > experimenting since I can't clearly tell what is going on with the
> > regular tools (AD DNS/samba-tool). A possibly greater problem is
> > that I can't actually search to see which records need modification.
> >
> > Will there be any impact if I just leave the corrupt records in
> > place?
> >
> > Are there any tools to automate fixing things?
> >
> > Thanks,
> >
> >
> >
>
> I see what you mean by the value of DNS. That's normal. It's in
> hexadecimal.
>

Not if you know what tool to use, where to use it and the magic incantation ;-)

# editing 1 records
# record 1
dn: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20151106115626.0Z
whenChanged: 20151106115626.0Z
uSNCreated: 3683
uSNChanged: 3683
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.pdc
objectGUID: 77be2b80-e5c7-46bb-a410-7d7c5c02efa7
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0020 (32)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_ZONE (240)
    flags : 0x0000 (0)
    dwSerial : 0x00000001 (1)
    dwTtlSeconds : 0x00000384 (900)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x00000000 (0)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : dc1.samdom.example.com

objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: _ldap._tcp.pdc
distinguishedName: DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com

And to get it editable:

ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs --show-binary -b 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com' -s base

All on one line, run on a DC.

Rowland
ash-samba at comtek.co.uk
2016-Sep-12 20:21 UTC
On 12/09/16 20:47, Rowland Penny via samba wrote:

> On Mon, 12 Sep 2016 15:41:24 -0400
> lingpanda101--- via samba <samba at lists.samba.org> wrote:
>
>> On 9/12/2016 3:23 PM, ash-samba--- via samba wrote:
>>> On 09/09/16 16:35, lingpanda101--- via samba wrote:
>>>> On 9/9/2016 10:59 AM, ash-samba--- via samba wrote:
>>>>> We appear to have some phantom DNS records on both our domain
[...]
>>>>> And to get it editable:
>>>>>
>>>>> ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs
>>>>> --show-binary -b
>>>>> 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'
>>>>> -s base
>>>>>
>>>>> All on one line, run on a DC.
>>>>>
>>>>> Rowland
>>>>>

Okay, thanks. I'd love to know how it got into this state, though. The idea of tampering with a potentially corrupt AD scares me; I think perhaps I'm going to snapshot the domain controllers before I do it!
ash-samba at comtek.co.uk
2016-Sep-13 14:20 UTC
> And to get it editable:
>
> ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs
> --show-binary -b
> 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'
> -s base
>
> All on one line, run on a DC.
>
> Rowland

The problem is that when I save and exit (even if I make no ldif changes), I get:

Error: First line of ldif must be a dn not 'dnsRecord'

I get this even if I'm editing a seemingly valid DNS record.

The broken record is:

# editing 1 records
# record 1
dn: DC=_ldap._tcp.dc,DC=_msdcs.chester-dc.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=chester-dc,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20140528144629.0Z
uSNCreated: 18305
showInAdvancedViewOnly: TRUE
name: _ldap._tcp.dc
objectGUID: bf3c8f60-48d9-43d4-a6a3-d724352ae8e9
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=chester-dc,DC=example,DC=com
dc: _ldap._tcp.dc
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0028 (40)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_ZONE (240)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000384 (900)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x00000000 (0)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : HAWAII.chester-dc.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0028 (40)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_ZONE (240)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000384 (900)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x00000000 (0)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : ALASKA.chester-dc.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0028 (40)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_ZONE (240)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000000 (0)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x00378ff8 (3641336)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : v-fief.chester-dc.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0028 (40)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_NONE (0)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000000 (0)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x0d5895fd (223909373)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : v-ward.chester-dc.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x0021 (33)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_NONE (0)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000000 (0)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x0de21bb2 (232922034)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : v-ward.chester-dc.co.uk

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wDataLength : 0x001b (27)
    wType : DNS_TYPE_SRV (33)
    version : 0x05 (5)
    rank : DNS_RANK_NONE (0)
    flags : 0x0000 (0)
    dwSerial : 0x0000006e (110)
    dwTtlSeconds : 0x00000000 (0)
    dwReserved : 0x00000000 (0)
    dwTimeStamp : 0x0de21c35 (232922165)
    data : union dnsRecordData(case 33)
    srv: struct dnsp_srv
        wPriority : 0x0000 (0)
        wWeight : 0x0064 (100)
        wPort : 0x0185 (389)
        nameTarget : v-ward.chester-dc

whenChanged: 20160908160654.0Z
uSNChanged: 33473
distinguishedName: DC=_ldap._tcp.dc,DC=_msdcs.chester-dc.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=chester-dc,DC=example,DC=com
Rowland Penny
2016-Sep-13 14:51 UTC
On Tue, 13 Sep 2016 15:20:29 +0100 ash-samba--- via samba <samba at lists.samba.org> wrote:

> > And to get it editable:
> >
> > ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs
> > --show-binary -b
> > 'DC=_ldap._tcp.pdc,DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com'
> > -s base
> >
> > All on one line, run on a DC.
> >
> > Rowland
> The problem is that when I save and exit (even if I make no ldif
> changes), I get:
>
> Error: First line of ldif must be a dn not 'dnsRecord'
>
> I get this even if I'm editing a seemingly valid DNS record.
>
> The broken record is:
>
> # editing 1 records
> # record 1
> dn: DC=_ldap._tcp.dc,DC=_msdcs.chester-dc.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=chester-dc,DC=example,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20140528144629.0Z
> uSNCreated: 18305
> showInAdvancedViewOnly: TRUE
> name: _ldap._tcp.dc
> objectGUID: bf3c8f60-48d9-43d4-a6a3-d724352ae8e9
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=chester-dc,DC=example,DC=com
> dc: _ldap._tcp.dc
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x0028 (40)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_ZONE (240)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x00000000 (0)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : HAWAII.chester-dc.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x0028 (40)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_ZONE (240)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x00000000 (0)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : ALASKA.chester-dc.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x0028 (40)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_ZONE (240)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000000 (0)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x00378ff8 (3641336)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : v-fief.chester-dc.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x0028 (40)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_NONE (0)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000000 (0)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x0d5895fd (223909373)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : v-ward.chester-dc.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x0021 (33)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_NONE (0)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000000 (0)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x0de21bb2 (232922034)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : v-ward.chester-dc.co.uk
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength : 0x001b (27)
>     wType : DNS_TYPE_SRV (33)
>     version : 0x05 (5)
>     rank : DNS_RANK_NONE (0)
>     flags : 0x0000 (0)
>     dwSerial : 0x0000006e (110)
>     dwTtlSeconds : 0x00000000 (0)
>     dwReserved : 0x00000000 (0)
>     dwTimeStamp : 0x0de21c35 (232922165)
>     data : union dnsRecordData(case 33)
>     srv: struct dnsp_srv
>         wPriority : 0x0000 (0)
>         wWeight : 0x0064 (100)
>         wPort : 0x0185 (389)
>         nameTarget : v-ward.chester-dc
>
> whenChanged: 20160908160654.0Z
> uSNChanged: 33473
> distinguishedName: DC=_ldap._tcp.dc,DC=_msdcs.chester-dc.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=chester-dc,DC=example,DC=com
>
>

Now you have identified what the records are, you should be able to remove the required records with samba-tool, for instance, if you wanted to remove the record for 'HAWAII', try this:

samba-tool dns delete 127.0.0.1 _msdcs.chester-dc.example.com _ldap._tcp.dc SRV 'HAWAII.chester-dc.example.com 389 0 100'

Rowland
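
Added example (not part of the original thread, and not Samba's own code): a small Python decoder for one SRV dnsRecord value in the backslash-prefixed hex form described above, giving the same fields that --show-binary prints. The byte layout (little-endian header, big-endian TTL and SRV numbers, counted name) is this example's reading of the dnsp_DnssrvRpcRecord and dnsp_srv structures, and SAMPLE is a blob built by hand from the decoded values in Rowland's dc1.samdom.example.com record.

```python
import struct
from datetime import datetime, timedelta

RANKS = {0xF0: "DNS_RANK_ZONE", 0x00: "DNS_RANK_NONE"}  # the two ranks seen in the thread

# Constructed sample: bytes built by hand to match Rowland's dc1.samdom.example.com record.
SAMPLE = (r"\20\00\21\00\05\f0\00\00\01\00\00\00\00\00\03\84\00\00\00\00\00\00\00\00"
          r"\00\00\00\64\01\85\18\04\03\64\63\31\06\73\61\6d\64\6f\6d"
          r"\07\65\78\61\6d\70\6c\65\03\63\6f\6d\00")

def timestamp_to_utc(hours):
    """dwTimeStamp counts hours since 1601-01-01 UTC; 0 marks a static record."""
    if hours == 0:
        return None
    try:
        return datetime(1601, 1, 1) + timedelta(hours=hours)
    except OverflowError:  # too large to be a calendar date
        return None

def decode_srv_dnsrecord(escaped):
    """Decode one SRV dnsRecord value given as backslash-prefixed hex pairs."""
    raw = bytes.fromhex(escaped.replace("\\", ""))
    if len(raw) < 32:
        raise ValueError("too short for the 24-byte header plus SRV data")
    # Header is little-endian, except dwTtlSeconds, which is stored big-endian.
    data_len, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)
    _reserved, stamp = struct.unpack_from("<II", raw, 16)
    data = raw[24:]
    if rtype != 33 or data_len != len(data):
        raise ValueError("not SRV, or wDataLength disagrees with the payload size")
    # SRV payload: priority, weight, port (big-endian), then a counted name.
    priority, weight, port = struct.unpack_from(">HHH", data, 0)
    name_len, label_count = data[6], data[7]
    pos, labels = 8, []
    for _ in range(label_count):
        if pos >= len(data):
            raise ValueError("label runs past the end of the record")
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if pos - 8 + 1 != name_len:
        raise ValueError("name length byte disagrees with the labels")
    target = ".".join(labels)
    return {"target": target, "port": port, "priority": priority, "weight": weight,
            "ttl": ttl, "serial": serial, "version": version,
            "rank": RANKS.get(rank, hex(rank)), "timestamp": timestamp_to_utc(stamp),
            # Data string in the order used by the samba-tool dns delete line in the thread.
            "delete_data": f"{target} {port} {priority} {weight}"}

if __name__ == "__main__":
    print(decode_srv_dnsrecord(SAMPLE))
```

With this conversion, the dwTimeStamp value 3641336 from the thread comes out as 2016-05-27 08:00 UTC, while 223909373 is too large to be a calendar date and is returned as None.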