Samba4 dns

From lippmann wiki
Jump to: navigation, search

Internal dns

editing the internal dns database by hand

The samba4 internal dns server used to have a bug where in specific circumstances multiple database entries could get added for the same host. see here for others experiencing the same When this happens, the relevant dns host can resolve with a dns query, but the entries are not shown in the RSAT gui, nor via sambatool. They can't be edited, removed or updated with the common administration tools. The fix is to remove the database entries by hand, and then recreate them via normal means. Removing the duplicate entries requires using tdb to find the relevant entries and then remove them.

in my case I have a hostname 'openbsd' resolving to address 192.168.1.14. It resolves fine, but does not show up with the RSAT DNS snap-in or with samba-tool A queries so can't be updated/removed/modified from there.

# host openbsd
openbsd.lippmann.us has address 192.168.1.14

Below paths assume samba4 is installed from source and so has /usr/local paths. If installed via a package, the relevant database and binary files are in /usr/share/samba etc. instead.

To edit the tdb database by hand I use tdbtool, provided with the samba install.

/usr/local/samba/bin/tdbtool
# cd /usr/local/samba/private/sam.ldb.d
# tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
tdb>?
tdbtool:
 create    dbname     : create a database
 open      dbname     : open an existing database
 transaction_start    : start a transaction
 transaction_commit   : commit a transaction
 transaction_cancel   : cancel a transaction
 erase                : erase the database
 dump                 : dump the database as strings
 keys                 : dump the database keys as strings
 hexkeys              : dump the database keys as hex values
 info                 : print summary info about the database
 insert    key  data  : insert a record
 move      key  file  : move a record to a destination tdb
 store     key  data  : store a record (replace)
 show      key        : show a record by key
 delete    key        : delete a record by key
 list                 : print the database hash table and freelist
 free                 : print the database freelist
 freelist_size        : print the number of records in the freelist
 check                : check the integrity of an opened database
 repack               : repack the database
 speed                : perform speed tests on the database
 ! command            : execute system command
 1 | first            : print the first record
 n | next             : print the next record
 q | quit             : terminate
 \n                   : repeat 'next' command
 tdb>quit
#

Run the keys command to get all the database entries. Save the output to a text file.

tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb keys >/tmp/dns_keys

Search for the keys output for entries that include the name openbsd. I get these two:

#grep -i openbsd /tmp/dns_keys
key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
key 23 bytes: DN=@INDEX:NAME:OPENBSD
#

Now remove them. It's important to add a backslash to the end of the keys.

tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
tdb> delete DN=@INDEX:NAME:OPENBSD   <---- missing backslash
delete failed
tdb> delete DN=@INDEX:NAME:OPENBSD\
tdb> delete DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US\