samba - Nov 2025 - Stray DC A record in DNS

Hi Rowland,

Thank you for your response and help!

Regarding the following, written by "Rowland Penny via samba" on
2025-11-27 at 13:10 Uhr +0000:
>ldbsearch --cross-ncs --show-binary -H /var/lib/samba/private/sam.ldb >
full.ldif
>
>Then search in full.ldif for your ipaddress, it may be there multiple
>times.
I've run this command, but the
result does *not* contain the sought IP address at all, not one single
time.
>If you did find the ipaddress in the bind9 config files, I would then
>suggest you correct the files. Samba uses bind_dlz to connect Bind9 to
>the dns records in AD, there shouldn't be any AD dns records in the
>bind9 files.
Right, I understand and there is nothing AD-related in `/etc/bind`.

So it's not in `/etc/bind` and apparently not in `/var/lib/samba`. It's
not in `/var/cache/bind` and not in `/var/lib/bind`.

Where else can I look and remove this IP address from DNS?

I've run `named -d 255` in the hope to get some more information, but
all that is logged for a `dig` request is:

```
client @0x770b8e77c898 192.168.235.1#52095: UDP request
client @0x770b8e77c898 192.168.235.1#52095: using view '_default'
client @0x770b8e77c898 192.168.235.1#52095: request is not signed
client @0x770b8e77c898 192.168.235.1#52095: recursion available
client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org): query
'dc01.samba-ad.example.org/A/IN' approved
client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org):
rrl=(nil), HAVECOOKIE=0, result=ISC_R_SUCCESS, fname=0x770b9366e780(1),
is_zone=1, RECURSIONOK=1, query.rpz_st=0x770b8e748800(0), RRL_CHECKED=0
client @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org): reset
client
```

I remain quite puzzled.

-- 
martin krafft | https://matrix.to/#/#madduck:madduck.net
  
don't hate yourself in the morning -- sleep till noon.
{: .blockquote }
  
spamtraps: madduck.bogus at madduck.net
{: .hidden }

On Fri, 28 Nov 2025 10:33:56 +0100
martin f krafft via samba <samba at lists.samba.org> wrote:
> Hi Rowland,
> 
> Thank you for your response and help!
> 
> Regarding the following, written by "Rowland Penny via samba" on
> 2025-11-27 at 13:10 Uhr +0000:
> >ldbsearch --cross-ncs --show-binary -H
> >/var/lib/samba/private/sam.ldb > full.ldif
> >
> >Then search in full.ldif for your ipaddress, it may be there multiple
> >times.
> 
> I've run this command, but the
> result does *not* contain the sought IP address at all, not one single
> time.
That is strange, searching in sam.ldb without '--cross-ncs' will only
search the main NC and without '--show-binary' the output is hashed, so
you do not get the ipaddress in clear text.
> 
> >If you did find the ipaddress in the bind9 config files, I would then
> >suggest you correct the files. Samba uses bind_dlz to connect Bind9
> >to the dns records in AD, there shouldn't be any AD dns records in
> >the bind9 files.
> 
> Right, I understand and there is nothing AD-related in `/etc/bind`.
> 
> So it's not in `/etc/bind` and apparently not in `/var/lib/samba`.
> It's not in `/var/cache/bind` and not in `/var/lib/bind`.
> 
> Where else can I look and remove this IP address from DNS?
> 
> I've run `named -d 255` in the hope to get some more information, but
> all that is logged for a `dig` request is:
> 
> ```
> client @0x770b8e77c898 192.168.235.1#52095: UDP request
> client @0x770b8e77c898 192.168.235.1#52095: using view '_default'
> client @0x770b8e77c898 192.168.235.1#52095: request is not signed
> client @0x770b8e77c898 192.168.235.1#52095: recursion available
> client @0x770b8e77c898 192.168.235.1#52095
> (dc01.samba-ad.example.org): query 'dc01.samba-ad.example.org/A/IN'
> approved client @0x770b8e77c898 192.168.235.1#52095
> (dc01.samba-ad.example.org): rrl=(nil), HAVECOOKIE=0,
> result=ISC_R_SUCCESS, fname=0x770b9366e780(1), is_zone=1,
> RECURSIONOK=1, query.rpz_st=0x770b8e748800(0), RRL_CHECKED=0 client
> @0x770b8e77c898 192.168.235.1#52095 (dc01.samba-ad.example.org):
> reset client ```
> 
> I remain quite puzzled.
> 
I wonder if it is coming from a cache somewhere ?
Is nscd running ? If so, then I would stop it, you do not require it,
Samba has its own caches.

Is sssd running, If so, I would stop it, you do not require it and it
can cause strange problems on Samba.

Rowland