Rowland Penny
2018-Jul-21 19:24 UTC
[Samba] samba 4.8 with bind - bugged dns entry in reverse lookup zone
On Sat, 21 Jul 2018 20:57:07 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I found this bugged record with
>
> ldbsearch -H path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb '(name=49)'
>
> So I have a couple of questions - hopefully someone can shed some light:
>
> - am I looking in correct .ldb for bind-dns?

No, only operate on sam.ldb, you need the '--cross-ncs' option to ldbsearch.

> - can I remove this record?

yes, provided it is the correct record.

> If yes what's the best method?

ldbdelete ?

> Should samba and/or bind be stopped?

Neither should need to be stopped.

> As I have 2 DC's, is editing on one enough?

Yes, the change should be replicated to the other.

> Should both be stopped?

No, you shouldn't need to stop either.

Rowland
Kacper Wirski
2018-Jul-21 19:43 UTC
[Samba] samba 4.8 with bind - bugged dns entry in reverse lookup zone
Thank you for the prompt reply.

By "sam.ldb" you mean the samba/bind-dns/dns/sam.ldb right?

After executing:

ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(name=49)'

I do find same records, as with previous search including the one I need to delete as it is bugged.

Its dn is:

DC=49,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mysubdomain,DC=mydomain,DC=com

But when executing search again with '(dn=...)' instead of '(name=...)':

ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(dn=DC=49,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mysubdomain,DC=mydomain,DC=com)'

I get "0 records found".

I suppose there's something wrong with my query. I tried escaping "=" after dn= (e.g. dn=DC\=49 etc.), but it didn't work. So what am I missing?

And what would be proper syntax for ldbdel:

ldbdel -H /path/to/samba/bind-dns/dns/sam.ldb '(dn=<corrected dn from above)' ?

Regards,
Kacper

On 21.07.2018 at 21:24, Rowland Penny via samba wrote:

> On Sat, 21 Jul 2018 20:57:07 +0200
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I found this bugged record with
>>
>> ldbsearch -H path/to/samba/bind-dns/dns/sam.ldb.d/DC\=DOMAINDNSZONES\,DC\=SUBDOMAIN\,DC\=DOMAIN\,DC\=PL.ldb '(name=49)'
>>
>> So I have a couple of questions - hopefully someone can shed some light:
>>
>> - am I looking in correct .ldb for bind-dns?
> No, only operate on sam.ldb, you need the '--cross-ncs' option to ldbsearch.
>
>> - can I remove this record?
> yes, provided it is the correct record.
>
>> If yes what's the best method?
> ldbdelete ?
>
>> Should samba and/or bind be stopped?
> Neither should need to be stopped.
>
>> As I have 2 DC's, is editing on one enough?
> Yes, the change should be replicated to the other.
>
>> Should both be stopped?
> No, you shouldn't need to stop either.
>
> Rowland
Rowland Penny
2018-Jul-21 21:21 UTC
[Samba] samba 4.8 with bind - bugged dns entry in reverse lookup zone
On Sat, 21 Jul 2018 21:43:17 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote:

> Thank you for the prompt reply.
>
> By "sam.ldb" you mean the samba/bind-dns/dns/sam.ldb right?

wrong /path/to/private/sam.ldb

> After executing:
>
> ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(name=49)'
>
> I do find same records, as with previous search including the one I need to delete as it is bugged.
>
> Its dn is:
>
> DC=49,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mysubdomain,DC=mydomain,DC=com
>
> But when executing search again with '(dn=...)' instead of '(name=...)':
>
> ldbsearch --cross-ncs -H /path/to/samba/bind-dns/dns/sam.ldb '(dn=DC=49,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mysubdomain,DC=mydomain,DC=com)'

ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb '(&(objectclass=dnsnode)(name=88))'

Which would produce (amongst other things):

dn: DC=88,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

> I get "0 records found".
>
> I suppose there's something wrong with my query. I tried escaping "=" after dn= (e.g. dn=DC\=49 etc.), but it didn't work. So what am I missing?
>
> And what would be proper syntax for ldbdel:
>
> ldbdel -H /path/to/samba/bind-dns/dns/sam.ldb '(dn=<corrected dn from above)'

ldbdel --cross-ncs -H /var/lib/samba/private/sam.ldb DC=88,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

i.e. you don't use 'dn: '

Rowland
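
Added example, not part of the thread or of Samba: a shell sketch of the lookup-then-delete sequence discussed above, which only hands a DN to ldbdel when exactly one dnsNode with that name exists in the intended zone. The function names, the sample LDIF and the samdom.example.com naming context are assumptions; the sam.ldb path and the ldbsearch/ldbdel options are the ones given in the replies.

```shell
#!/bin/sh
# Added example, not from the thread. SAM is the path from Rowland's reply.
SAM=/var/lib/samba/private/sam.ldb

# Constructed sample of ldbsearch output: two dnsNode records named 49 in
# different reverse zones; the first DN is folded, as LDIF permits.
sample_ldif() {
cat <<'EOF'
# record 1
dn: DC=49,DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=sa
 mdom,DC=example,DC=com
name: 49

# record 2
dn: DC=49,DC=2.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
name: 49

# returned 2 records
EOF
}

# Read LDIF on stdin and print the DN of dnsNode NAME in ZONE, but only when
# exactly one record matches; otherwise print nothing and return 1.
dns_node_dn() {
    awk -v p="dn: DC=$2,DC=$1,CN=MicrosoftDNS," '
        function flush() { if (index(cur, p) == 1) { n++; dn = substr(cur, 5) } }
        /^ / { cur = cur substr($0, 2); next }    # folded continuation line
             { flush(); cur = $0 }
        END  { flush(); if (n == 1) print dn; exit (n == 1 ? 0 : 1) }
    '
}

# Hypothetical wrapper: find the record in the live database, then delete it
# by bare DN (ldbdel takes the DN itself, not a filter or a "dn: " prefix).
delete_dns_node() {
    dn=$(ldbsearch --cross-ncs -H "$SAM" "(&(objectclass=dnsnode)(name=$2))" |
         dns_node_dn "$1" "$2") || { echo "no unique match: $2 in $1" >&2; return 1; }
    echo "deleting $dn"
    ldbdel --cross-ncs -H "$SAM" "$dn"
}

# Demo on the constructed sample only; nothing here touches a real database.
sample_ldif | dns_node_dn 1.168.192.in-addr.arpa 49
```

On a DC the call would be delete_dns_node 1.168.192.in-addr.arpa 49, with the zone and record name taken from the first post.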