Hello, I've just discovered a bogus record in _msdcs zone which exists on samba-dc (vm-dc4, 4.12.2) only and missing on a PDC (vm-dc1, Windows Server 2008 R2): # samba-tool dns query localhost _msdcs.domain.com @ ALL -U administrator 2>/dev/null Password for [DOMAIN\administrator]: Name=, Records=3, Children=0 NS: vm-dc1.domain.com. (flags=600000f0, serial=181, ttl=3600) NS: vm-dc4.domain.com. (flags=600000f0, serial=181, ttl=3600) SOA: serial=181, refresh=900, retry=600, expire=86400, minttl=3600, ns=vm-dc1.domain.com., email=hostmaster.domain.com. (flags=600000f0, serial=181, ttl=3600) Name=com, Records=0, Children=1 <- this one (notice it has a children) Name=a4a6a0f0-a085-4a01-84ff-7b7b00081575, Records=1, Children=0 CNAME: vm-dc1.domain.com. (flags=f0, serial=110, ttl=600) Name=aae5c8b4-5d21-4030-884a-e5dc2ca963df, Records=1, Children=0 CNAME: vm-dc4.domain.com. (flags=f0, serial=169, ttl=900) Name=dc, Records=0, Children=2 Name=domains, Records=0, Children=1 Name=gc, Records=0, Children=2 Name=pdc, Records=0, Children=1 I can also see it in DNS Manager MMC. However, I'm unable to delete it: [2020/05/18 15:56:26.881194, 0] ../../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1610(dnsserver_operate_zone) dnsserver: zone operation 'DeleteNode' not implemented DnssrvOperation2: struct DnssrvOperation2 in: struct DnssrvOperation2 dwClientVersion : DNS_CLIENT_VERSION_LONGHORN (458752) dwSettingFlags : 0x00000000 (0) pwszServerName : * pwszServerName : 'vm-dc4' pszZone : * pszZone : '_msdcs.domain.com' dwContext : 0x00000000 (0) pszOperation : * pszOperation : 'DeleteNode' dwTypeId : DNSSRV_TYPEID_NAME_AND_PARAM (15) pData : union DNSSRV_RPC_UNION(case 15) NameAndParam : * NameAndParam: struct DNS_RPC_NAME_AND_PARAM dwParam : 0x00000001 (1) pszNodeName : * pszNodeName : 'com._msdcs.domain.com' Also I can't query it (there should be children as we saw above): # samba-tool dns query localhost _msdcs.domain.com com ALL -U administrator 2>/dev/null Password for [DOMAIN\administrator]: # Compare with the same query agains the gc subdomain: # samba-tool dns query localhost _msdcs.domain.com gc ALL -U administrator 2>/dev/null Password for [DOMAIN\administrator]: Name=, Records=2, Children=0 A: 172.26.1.84 (flags=f0, serial=190, ttl=900) A: 172.26.1.81 (flags=f0, serial=190, ttl=600) Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=1 Questions: 1. Is it safe to delete it using ADSIEdit (for example) 2. Why can't I query and/or delete it using standard means? -- Best regards, Alex
On 18/05/2020 14:15, Alex via samba wrote> Questions: > 1. Is it safe to delete it using ADSIEdit (for example)Yes, but I would use ldbdel> 2. Why can't I query and/or delete it using standard means?Probably because it is a wrong record ???? Try running this on a DC: ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub '(objectClass=dnsNode)' You might have to divert the output to a file to capture all the output, you should then be able to work out the ldbdel command. Rowland
>>> 2. Why can't I query and/or delete it using standard means?>> Probably because it is a wrong record ????>> Try running this on a DC:>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b >> 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' >> -s sub '(objectClass=dnsNode)'> Thanks, Rowland. I've just tried your command but the output does not contain > that bogus record. I even tried to remove the objectClass filter - still no > luck.One record I've finally found that looks suspicious: # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub # record 1 dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com objectClass: top objectClass: dnsNode instanceType: 4 whenCreated: 20200318110215.0Z whenChanged: 20200318110215.0Z uSNCreated: 13282 uSNChanged: 13282 showInAdvancedViewOnly: TRUE name: vm-dc4.domain.com. objectGUID: 80170015-b113-4435-bb33-ba60f4f9f608 dnsRecord: NDR: struct dnsp_DnssrvRpcRecord wDataLength : 0x0004 (4) wType : DNS_TYPE_A (1) version : 0x05 (5) rank : DNS_RANK_GLUE (128) flags : 0x0000 (0) dwSerial : 0x000000b6 (182) dwTtlSeconds : 0x00000e10 (3600) dwReserved : 0x00000000 (0) dwTimeStamp : 0x00000000 (0) data : union dnsRecordData(case 1) ipv4 : 172.26.1.84 objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=com dc: vm-dc4.domain.com. distinguishedName: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com I considered it suspicious b/c no similar record exists for vm-dc1: # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com What do you think? -- Best regards, Alex
On 18/05/2020 18:27, Alex wrote:>>>> 2. Why can't I query and/or delete it using standard means? >>> Probably because it is a wrong record ???? >>> Try running this on a DC: >>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b >>> 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' >>> -s sub '(objectClass=dnsNode)' >> Thanks, Rowland. I've just tried your command but the output does not contain >> that bogus record. I even tried to remove the objectClass filter - still no >> luck. > One record I've finally found that looks suspicious: > # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub > > # record 1 > dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com > objectClass: top > objectClass: dnsNode > instanceType: 4 > whenCreated: 20200318110215.0Z > whenChanged: 20200318110215.0Z > uSNCreated: 13282 > uSNChanged: 13282 > showInAdvancedViewOnly: TRUE > name: vm-dc4.domain.com. > objectGUID: 80170015-b113-4435-bb33-ba60f4f9f608 > dnsRecord: NDR: struct dnsp_DnssrvRpcRecord > wDataLength : 0x0004 (4) > wType : DNS_TYPE_A (1) > version : 0x05 (5) > rank : DNS_RANK_GLUE (128) > flags : 0x0000 (0) > dwSerial : 0x000000b6 (182) > dwTtlSeconds : 0x00000e10 (3600) > dwReserved : 0x00000000 (0) > dwTimeStamp : 0x00000000 (0) > data : union dnsRecordData(case 1) > ipv4 : 172.26.1.84 > > objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=com > dc: vm-dc4.domain.com. > distinguishedName: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com > > I considered it suspicious b/c no similar record exists for vm-dc1: > # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub > search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com > > What do you think? >Strange, I do not have any computer (let alone DC) records in the forest zone, this is one of my DC's record: ?dn: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com objectClass: top objectClass: dnsNode instanceType: 4 whenCreated: 20200306135346.0Z whenChanged: 20200306135346.0Z uSNCreated: 1367771 showInAdvancedViewOnly: TRUE name: DC01 objectGUID: 2db5ee07-6361-4c40-b2c2-d321cda9e311 dnsRecord:???? NDR: struct dnsp_DnssrvRpcRecord ??????? wDataLength????????????? : 0x0004 (4) ??????? wType??????????????????? : DNS_TYPE_A (1) ??????? version????????????????? : 0x05 (5) ??????? rank???????????????????? : DNS_RANK_ZONE (240) ??????? flags??????????????????? : 0x0000 (0) ??????? dwSerial???????????????? : 0x000318c1 (202945) ??????? dwTtlSeconds???????????? : 0x00000384 (900) ??????? dwReserved?????????????? : 0x00000000 (0) ??????? dwTimeStamp????????????? : 0x00000000 (0) ???????? data???????????????????? : union dnsRecordData(case 1) ??????? ipv4???????????????????? : 192.168.0.8 objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com dc: DC01 uSNChanged: 1367772 distinguishedName: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com Do you have similar records for your DC's ? Rowland
Possibly Parallel Threads
- bogus record in _msdcs zone in samba-dc
- Samba + BIND9 DLZ. DNS dosen't resolve FQDN, only short hostname
- Replication not working for remote Domain Controller
- bind-dns Folder Missing for Samba4 Setup in Ubuntu
- FW: samba_kcc issue after joining the domain as a DC