On 18/05/2020 18:27, Alex wrote:
>>>> 2. Why can't I query and/or delete it using standard means?
>>> Probably because it is a wrong record
>>> Try running this on a DC:
>>> ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb -b 'DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub '(objectClass=dnsNode)'
>> Thanks, Rowland. I've just tried your command but the output does not contain
>> that bogus record. I even tried to remove the objectClass filter - still no
>> luck.
> One record I've finally found that looks suspicious:
> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com' -s sub
>
> # record 1
> dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20200318110215.0Z
> whenChanged: 20200318110215.0Z
> uSNCreated: 13282
> uSNChanged: 13282
> showInAdvancedViewOnly: TRUE
> name: vm-dc4.domain.com.
> objectGUID: 80170015-b113-4435-bb33-ba60f4f9f608
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
> wDataLength : 0x0004 (4)
> wType : DNS_TYPE_A (1)
> version : 0x05 (5)
> rank : DNS_RANK_GLUE (128)
> flags : 0x0000 (0)
> dwSerial : 0x000000b6 (182)
> dwTtlSeconds : 0x00000e10 (3600)
> dwReserved : 0x00000000 (0)
> dwTimeStamp : 0x00000000 (0)
> data : union dnsRecordData(case 1)
> ipv4 : 172.26.1.84
>
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=domain,DC=com
> dc: vm-dc4.domain.com.
> distinguishedName: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>
> I considered it suspicious b/c no similar record exists for vm-dc1:
> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com -s sub
> search error - No such Base DN: DC=vm-dc1.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
>
> What do you think?
>
Strange, I do not have any computer (let alone DC) records in the forest
zone, this is one of my DC's record:
dn: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20200306135346.0Z
whenChanged: 20200306135346.0Z
uSNCreated: 1367771
showInAdvancedViewOnly: TRUE
name: DC01
objectGUID: 2db5ee07-6361-4c40-b2c2-d321cda9e311
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0004 (4)
        wType                    : DNS_TYPE_A (1)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x000318c1 (202945)
        dwTtlSeconds             : 0x00000384 (900)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 1)
        ipv4                     : 192.168.0.8
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: DC01
uSNChanged: 1367772
distinguishedName: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
Do you have similar records for your DCs?
Rowland
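
Added example, not part of the thread: a small Python parser for `ldbsearch --show-binary` text that pulls each dnsNode's name, type, rank and address and notes the three points on which the two records quoted above differ. The sample input is constructed from those records, and the `review_notes` checks are illustrative assumptions, not Samba rules.

```python
import re

# Constructed sample: trimmed ldbsearch --show-binary text modelled on the two
# records quoted in this thread (layout and indentation are assumptions).
SAMPLE = """\
# record 1
dn: DC=vm-dc4.domain.com.,DC=_msdcs.domain.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=domain,DC=com
objectClass: dnsNode
name: vm-dc4.domain.com.
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType : DNS_TYPE_A (1)
    rank : DNS_RANK_GLUE (128)
    ipv4 : 172.26.1.84

# record 2
dn: DC=DC01,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: dnsNode
name: DC01
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
    wType : DNS_TYPE_A (1)
    rank : DNS_RANK_ZONE (240)
    ipv4 : 192.168.0.8
"""

# First token after the colon of the fields worth comparing between DCs.
FIELD = re.compile(r"^\s*(dn|name|wType|rank|ipv4)\s*:\s*(\S+)", re.M)
def parse_nodes(text):
    """Return one dict per dnsNode entry; repeated NDR fields collect into lists."""
    nodes = []
    for block in re.split(r"^# record \d+\s*$", text, flags=re.M):
        if "objectClass: dnsNode" in block:
            node = {}
            for key, value in FIELD.findall(block):
                node.setdefault(key, []).append(value)
            nodes.append(node)
    return nodes

def review_notes(node):
    """Hypothetical heuristics: the points on which the two quoted records differ."""
    forest_a = "DC=ForestDnsZones" in node["dn"][0] and "DNS_TYPE_A" in node.get("wType", [])
    checks = [
        (node["name"][0].endswith("."), "node name is an absolute FQDN"),
        (forest_a, "A record in the forest zone partition"),
        (any(r != "DNS_RANK_ZONE" for r in node.get("rank", [])), "rank is not DNS_RANK_ZONE"),
    ]
    return [note for hit, note in checks if hit]

if __name__ == "__main__":
    for n in parse_nodes(SAMPLE):
        print(n["dn"][0], "->", review_notes(n) or "nothing flagged")
```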