Editing the internal DNS database by hand
The Samba4 internal DNS server used to have a bug where, in specific circumstances, multiple database entries could get added for the same host (see here for others experiencing the same). When this happens, the affected host still resolves with a DNS query, but the entries are not shown in the RSAT GUI or via samba-tool. They can't be edited, removed or updated with the common administration tools. The fix is to remove the database entries by hand, and then recreate them via normal means. Removing the duplicate entries requires using tdb to find the relevant entries and then remove them.
In my case I have a hostname 'openbsd' resolving to address 192.168.1.14. It resolves fine, but does not show up in the RSAT DNS snap-in or in samba-tool A queries, so it can't be updated, removed or modified from there.
    # host openbsd
    openbsd.lippmann.us has address 192.168.1.14
The paths below assume Samba4 is installed from source and so uses /usr/local paths. If it was installed from a package, the relevant database and binary files are in /usr/share/samba etc. instead.
To edit the tdb database by hand I use tdbtool, provided with the samba install.
    # cd /usr/local/samba/private/sam.ldb.d
    # tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
    tdb>?
    tdbtool:
      create dbname       : create a database
      open dbname         : open an existing database
      transaction_start   : start a transaction
      transaction_commit  : commit a transaction
      transaction_cancel  : cancel a transaction
      erase               : erase the database
      dump                : dump the database as strings
      keys                : dump the database keys as strings
      hexkeys             : dump the database keys as hex values
      info                : print summary info about the database
      insert key data     : insert a record
      move key file       : move a record to a destination tdb
      store key data      : store a record (replace)
      show key            : show a record by key
      delete key          : delete a record by key
      list                : print the database hash table and freelist
      free                : print the database freelist
      freelist_size       : print the number of records in the freelist
      check               : check the integrity of an opened database
      repack              : repack the database
      speed               : perform speed tests on the database
      ! command           : execute system command
      1 | first           : print the first record
      n | next            : print the next record
      q | quit            : terminate
      \n                  : repeat 'next' command
    tdb>quit
    #
Run the keys command to get all the database entries. Save the output to a text file.
    # tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb keys >/tmp/dns_keys
Search the keys output for entries that include the name openbsd. I get these two:
    # grep -i openbsd /tmp/dns_keys
    key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
    key 23 bytes: DN=@INDEX:NAME:OPENBSD
    #
Now remove them. It's important to add a backslash to the end of the keys.
    # tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
    tdb> delete DN=@INDEX:NAME:OPENBSD            <---- missing backslash
    delete failed
    tdb> delete DN=@INDEX:NAME:OPENBSD\
    tdb> delete DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US\
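
The search and delete steps above, as an added example that is not part of the original post: a shell function that reads a keys dump and prints the tdbtool delete lines, trailing backslash included, only for keys that name the host exactly, so a substring hit from grep such as OPENBSD2 is never queued for deletion. It also warns when a key's declared byte count is not one more than its visible length, which is the pattern in the two keys shown above. The function names and the three extra sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tdbtool <db> keys` output. The first two lines are the
# ones shown on this page; the other three are made up as near-miss names.
sample_keys() {
cat <<'EOF'
key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
key 23 bytes: DN=@INDEX:NAME:OPENBSD
key 82 bytes: DN=DC=OPENBSD2,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
key 24 bytes: DN=@INDEX:NAME:OPENBSD2
key 25 bytes: DN=@INDEX:NAME:MYOPENBSD
EOF
}

# delete_cmds_for_host HOST   (hypothetical helper; keys dump is read from stdin)
# Prints one "delete <key>\" line per key whose leading DC= component, or whose
# @INDEX:NAME: value, is exactly HOST (case-insensitive).
delete_cmds_for_host() {
    awk -v host="$1" '
        BEGIN { host = toupper(host) }
        /^key [0-9]+ bytes: / {
            declared = $2
            key = $0
            sub(/^key [0-9]+ bytes: /, "", key)
            up = toupper(key)
            # Exact match only: the record DN must start with DC=HOST followed
            # by a comma, and the index key must end right after HOST.
            if (index(up, "DN=DC=" host ",") != 1 && up != ("DN=@INDEX:NAME:" host))
                next
            # Both keys on the page declare one byte more than is displayed.
            if (declared != length(key) + 1)
                printf("warning: %s: %d bytes declared, %d visible\n",
                       key, declared, length(key)) > "/dev/stderr"
            # Emit the command in the form that worked above (trailing backslash).
            printf "delete %s\\\n", key
        }'
}

# Demo on the constructed sample; with a real dump use:
#   delete_cmds_for_host openbsd < /tmp/dns_keys
sample_keys | delete_cmds_for_host openbsd
```

Review the printed lines before pasting them at the tdb> prompt, and copy the .ldb file aside first so the deletion can be undone.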