Difference between revisions of "Samba4 dns"

(Created page with "=Internal dns= The samba4 internal dns server used to have a bug where it could get into a race condition when adding entries. When this happened, multiple database entries go...")
 
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=Internal dns=
 
=Internal dns=
The samba4 internal dns server used to have a bug where it could get into a race condition when adding entries. When this happened, multiple database entries got added for the same host.
+
==editing the internal dns database by hand==
The symptom ends up being that dns entries do resolve, but are not shown in the RSAT gui, nor via sambatool. They can't be edited, removed or updated with these common administration tools. The fix is to remove the duplicate entries, and then recreate the entry via normal means.
+
The samba4 internal dns server used to have a bug where in specific circumstances multiple database entries could get added for the same host. [https://lists.samba.org/archive/samba/2013-September/175477.html see here for others experiencing the same]
Removing the duplicate entries requires using tdb to find the relevant entries and then remove them.
+
When this happens, the relevant dns host can resolve with a dns query, but the entries are not shown in the RSAT gui, nor via sambatool. They can't be edited, removed or updated with the common administration tools. The fix is to remove the database entries by hand, and then recreate them via normal means. Removing the duplicate entries requires using tdb to find the relevant entries and then remove them.
 +
 
 +
in my case I have a hostname 'openbsd' resolving to address 192.168.1.14. It resolves fine, but does not show up with the RSAT DNS snap-in or with samba-tool A queries so can't be updated/removed/modified from there.
 +
 
 +
# host openbsd
 +
openbsd.lippmann.us has address 192.168.1.14
 +
 
 +
Below paths assume samba4 is installed from source and so has /usr/local paths. If installed via a package, the relevant database and binary files are in /usr/share/samba etc. instead.
 +
 
 +
To edit the tdb database by hand I use tdbtool, provided with the samba install.
 +
/usr/local/samba/bin/tdbtool
 +
 
 +
# cd /usr/local/samba/private/sam.ldb.d
 +
# tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
 +
tdb>?
 +
tdbtool:
 +
  create    dbname    : create a database
 +
  open      dbname    : open an existing database
 +
  transaction_start    : start a transaction
 +
  transaction_commit  : commit a transaction
 +
  transaction_cancel  : cancel a transaction
 +
  erase                : erase the database
 +
  dump                : dump the database as strings
 +
  keys                : dump the database keys as strings
 +
  hexkeys              : dump the database keys as hex values
 +
  info                : print summary info about the database
 +
  insert    key  data  : insert a record
 +
  move      key  file  : move a record to a destination tdb
 +
  store    key  data  : store a record (replace)
 +
  show      key        : show a record by key
 +
  delete    key        : delete a record by key
 +
  list                : print the database hash table and freelist
 +
  free                : print the database freelist
 +
  freelist_size        : print the number of records in the freelist
 +
  check                : check the integrity of an opened database
 +
  repack              : repack the database
 +
  speed                : perform speed tests on the database
 +
  ! command            : execute system command
 +
  1 | first            : print the first record
 +
  n | next            : print the next record
 +
  q | quit            : terminate
 +
  \n                  : repeat 'next' command
 +
  tdb>quit
 +
#
 +
 
 +
Run the keys command to get all the database entries. Save the output to a text file.
 +
tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb keys >/tmp/dns_keys
 +
 
 +
Search for  the keys output for entries that include the name openbsd. I get these two:
 +
#grep -i openbsd /tmp/dns_keys
 +
key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
 +
key 23 bytes: DN=@INDEX:NAME:OPENBSD
 +
#
 +
Now remove them. It's important to add a backslash to the end of the keys.
 +
tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
 +
tdb> delete DN=@INDEX:NAME:OPENBSD  <---- missing backslash
 +
delete failed
 +
tdb> delete DN=@INDEX:NAME:OPENBSD\
 +
tdb> delete DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US\
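Review bot: the two delete commands at the end of the new text run against the live DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb with no copy of the file taken first and outside a transaction, although the tdbtool help quoted earlier in the same revision lists transaction_start, transaction_commit and transaction_cancel. Suggest adding a step that copies the .ldb file aside before the deletes and wrapping them in transaction_start / transaction_commit, so a mistyped key can be cancelled instead of committed. The sentence "It's important to add a backslash to the end of the keys" should also say why: the keys output reports 23 and 81 bytes for strings that are 22 and 80 characters long.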

Latest revision as of 15:02, 26 July 2017

Internal dns

editing the internal dns database by hand

The samba4 internal DNS server used to have a bug where, in specific circumstances, multiple database entries could get added for the same host (see https://lists.samba.org/archive/samba/2013-September/175477.html for others experiencing the same). When this happens, the affected host still resolves with a DNS query, but its entries are not shown in the RSAT GUI or by samba-tool, and they can't be edited, removed or updated with the common administration tools. The fix is to remove the database entries by hand and then recreate them via normal means. Removing the duplicate entries requires using tdbtool to find the relevant entries and then delete them.

In my case I have a hostname 'openbsd' resolving to address 192.168.1.14. It resolves fine, but does not show up in the RSAT DNS snap-in or in samba-tool A queries, so it can't be updated, removed or modified from there.

# host openbsd
openbsd.lippmann.us has address 192.168.1.14

The paths below assume samba4 was installed from source and so uses /usr/local paths. If it was installed via a package, the relevant database and binary files are in /usr/share/samba etc. instead.

To edit the tdb database by hand I use tdbtool, provided with the samba install.

/usr/local/samba/bin/tdbtool
# cd /usr/local/samba/private/sam.ldb.d
# tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
tdb>?
tdbtool:
 create    dbname     : create a database
 open      dbname     : open an existing database
 transaction_start    : start a transaction
 transaction_commit   : commit a transaction
 transaction_cancel   : cancel a transaction
 erase                : erase the database
 dump                 : dump the database as strings
 keys                 : dump the database keys as strings
 hexkeys              : dump the database keys as hex values
 info                 : print summary info about the database
 insert    key  data  : insert a record
 move      key  file  : move a record to a destination tdb
 store     key  data  : store a record (replace)
 show      key        : show a record by key
 delete    key        : delete a record by key
 list                 : print the database hash table and freelist
 free                 : print the database freelist
 freelist_size        : print the number of records in the freelist
 check                : check the integrity of an opened database
 repack               : repack the database
 speed                : perform speed tests on the database
 ! command            : execute system command
 1 | first            : print the first record
 n | next             : print the next record
 q | quit             : terminate
 \n                   : repeat 'next' command
 tdb>quit
#

Run the keys command to get all the database entries. Save the output to a text file.

tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb keys >/tmp/dns_keys

Search the keys output for entries that include the name openbsd. I get these two:

#grep -i openbsd /tmp/dns_keys
key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
key 23 bytes: DN=@INDEX:NAME:OPENBSD
#

Now remove them. It's important to add a backslash to the end of each key; without it the delete fails, as the first attempt below shows.

tdbtool DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US.ldb
tdb> delete DN=@INDEX:NAME:OPENBSD   <---- missing backslash
delete failed
tdb> delete DN=@INDEX:NAME:OPENBSD\
tdb> delete DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US\
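
As an added example (not part of the original page): a small shell helper that replaces the grep step with a whole-label match, so a host named openbsd2 is not picked up, and compares each key's declared byte count with its printed length before emitting the delete lines used above. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Works on a saved `keys` dump only.

# Constructed sample in the format of `tdbtool <db> keys` shown on this page.
sample_keys() {
cat <<'EOF'
key 81 bytes: DN=DC=OPENBSD,DC=LIPPMANN.US,CN=MICROSOFTDNS,DC=DOMAINDNSZONES,DC=LIPPMANN,DC=US
key 23 bytes: DN=@INDEX:NAME:OPENBSD
key 24 bytes: DN=@INDEX:NAME:OPENBSD2
key 21 bytes: DN=@INDEX:NAME:LINUX
EOF
}

# find_host_keys HOST: read a keys dump on stdin and print
# "<declared bytes minus printed length> <key>" for every key naming HOST.
find_host_keys() {
    case $1 in
        ''|*[!A-Za-z0-9-]*) echo "invalid host label: $1" >&2; return 2 ;;
    esac
    awk -v host="$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" '
        /^key [0-9]+ bytes: / {
            declared = $2
            key = $0
            sub(/^key [0-9]+ bytes: /, "", key)
            # Whole-label match on the leading component only, so neither
            # OPENBSD2 nor a zone component such as DC=US matches by accident.
            if (toupper(key) ~ ("^DN=(DC=|@INDEX:NAME:)" host "(,|$)"))
                print declared - length(key), key
        }'
}

# delete_commands HOST: print the tdbtool delete lines in the form the page
# uses (key followed by a backslash). Keys whose declared length is not
# exactly one byte more than the printed text are skipped for manual review.
delete_commands() {
    matches=$(find_host_keys "$1") || return
    [ -n "$matches" ] || return 0
    printf '%s\n' "$matches" | while read -r hidden key; do
        if [ "$hidden" -eq 1 ]; then
            printf 'delete %s\\\n' "$key"
        else
            printf '# skipped, length mismatch %s: %s\n' "$hidden" "$key"
        fi
    done
}

sample_keys | delete_commands openbsd
```

On a real system, feed it the saved dump instead of the sample, for example `delete_commands openbsd < /tmp/dns_keys`, and review the printed lines before typing them into tdbtool.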