Re: [Samba] Clients no longer updating DNS unable to delete MX records
On Thu, Mar 21, 2013 at 2:21 PM, Thomas Simmons twsn...@gmail.com wrote: On Wed, Mar 20, 2013 at 3:29 PM, Thomas Simmons twsn...@gmail.com wrote: On Wed, Mar 20, 2013 at 9:05 AM, Thomas Simmons twsn...@gmail.com wrote: Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools see the record but report it does not exist when I attempt to delete it. I can create new MX records, but cannot delete them. I can create and delete both A and CNAME records. The same behavior occurs under all zones. I can create and delete new forward lookup zones. [root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] Name=, Records=3, Children=0 MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900) [root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv MX 'mailsrv.internal.testdom.com 10' GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1169, in run del_rec_buf) With log level = 10, when attempting to deleting the record, it appears to find it, but reports it doesn't exist anyway. Has anyone seen this behavior before? The last DNS update was nearly 2 weeks ago and I am not aware of anything that happened around that time that would have triggered this. I don't know it this MX problem and the clients being unable to update DNS are related. [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: SEARCH dn: DC=internal.testdom.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com scope: one expr: ((objectClass=dnsNode)(name=mailsrv)) attr: dnsRecord control: NONE [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: (resolve_oids)-search ... ... ... [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: ENTRY dn: DC=mailsrv,DC=internal.testdom.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== dnsRecord:: EAAPAAXwAAA+AADcIjcAAAoMAgZnb29nbGUDY29tAA== dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: DONE error: 0 [2013/03/20 13:52:20, 1, pid=2064, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug) DnssrvUpdateRecord2: struct DnssrvUpdateRecord2 out: struct DnssrvUpdateRecord2 result : WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST It looks like the last DNS update occurred on March 7th. I restored a backup from March 5th to a sandbox environment and it's displaying the same behavior. I then restored a December backup (taken just after performing the classicupgrade) and do not have the problem. I'm not sure what would be the best way to recover from this. Is there anyway to reset DNS? Apart from that, all I can think to do is start at March 4th and restore each backup until the problem goes away. Would it be possible to restore AD (minus DNS) once this is done? The last time a client successfully updated DNS was Mar 7 17:58:08: Mar 7 17:58:08 ADC1 named[977]: samba_dlz: starting transaction on zone internal.testdom.com Mar 7 17:58:08 ADC1 named[977]: samba_dlz: allowing update of signer=aspire\$\@INTERNAL.TESTDOM.COM name=ASPIRE.internal.testdom.com
Re: [Samba] Clients no longer updating DNS unable to delete MX records
On Wed, Mar 20, 2013 at 3:29 PM, Thomas Simmons twsn...@gmail.com wrote: On Wed, Mar 20, 2013 at 9:05 AM, Thomas Simmons twsn...@gmail.com wrote: Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools see the record but report it does not exist when I attempt to delete it. I can create new MX records, but cannot delete them. I can create and delete both A and CNAME records. The same behavior occurs under all zones. I can create and delete new forward lookup zones. [root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] Name=, Records=3, Children=0 MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900) [root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv MX 'mailsrv.internal.testdom.com 10' GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1169, in run del_rec_buf) With log level = 10, when attempting to deleting the record, it appears to find it, but reports it doesn't exist anyway. Has anyone seen this behavior before? The last DNS update was nearly 2 weeks ago and I am not aware of anything that happened around that time that would have triggered this. I don't know it this MX problem and the clients being unable to update DNS are related. [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: SEARCH dn: DC=internal.testdom.com ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com scope: one expr: ((objectClass=dnsNode)(name=mailsrv)) attr: dnsRecord control: NONE [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: (resolve_oids)-search ... ... ... [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: ENTRY dn: DC=mailsrv,DC=internal.testdom.com ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== dnsRecord:: EAAPAAXwAAA+AADcIjcAAAoMAgZnb29nbGUDY29tAA== dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: DONE error: 0 [2013/03/20 13:52:20, 1, pid=2064, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug) DnssrvUpdateRecord2: struct DnssrvUpdateRecord2 out: struct DnssrvUpdateRecord2 result : WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST It looks like the last DNS update occurred on March 7th. I restored a backup from March 5th to a sandbox environment and it's displaying the same behavior. I then restored a December backup (taken just after performing the classicupgrade) and do not have the problem. I'm not sure what would be the best way to recover from this. Is there anyway to reset DNS? Apart from that, all I can think to do is start at March 4th and restore each backup until the problem goes away. Would it be possible to restore AD (minus DNS) once this is done? The last time a client successfully updated DNS was Mar 7 17:58:08: Mar 7 17:58:08 ADC1 named[977]: samba_dlz: starting transaction on zone internal.testdom.com Mar 7 17:58:08 ADC1 named[977]: samba_dlz: allowing update of signer=aspire\$\@INTERNAL.TESTDOM.COM name=ASPIRE.internal.testdom.comtcpaddr= type= key=... Mar 7 17:58:08 ADC1 named[977]: samba_dlz: allowing update of
[Samba] Clients no longer updating DNS unable to delete MX records
Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools see the record but report it does not exist when I attempt to delete it. I can create new MX records, but cannot delete them. I can create and delete both A and CNAME records. The same behavior occurs under all zones. I can create and delete new forward lookup zones. [root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] Name=, Records=3, Children=0 MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900) [root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv MX 'mailsrv.internal.testdom.com 10' GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1169, in run del_rec_buf) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Clients no longer updating DNS unable to delete MX records
On Wed, Mar 20, 2013 at 9:05 AM, Thomas Simmons twsn...@gmail.com wrote: Hello, After noticing some odd behavior on my domain, I realized that many of my DNS records are incorrect and that clients are no longer properly updating DNS. While looking into this, I also discovered that I am unable to delete MX records via AD DNS Manager or samba-tool. Both tools see the record but report it does not exist when I attempt to delete it. I can create new MX records, but cannot delete them. I can create and delete both A and CNAME records. The same behavior occurs under all zones. I can create and delete new forward lookup zones. [root@ADC1 log]# samba-tool dns query adc1 internal.testdom.com mailsrv MX GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] Name=, Records=3, Children=0 MX: mailsrv.internal.testdom.com. (10) (flags=f0, serial=4, ttl=900) [root@ADC1 log]# samba-tool dns delete adc1 internal.testdom.com mailsrv MX 'mailsrv.internal.testdom.com 10' GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:adc1[,sign] ERROR(runtime): uncaught exception - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST') File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py, line 1169, in run del_rec_buf) With log level = 10, when attempting to deleting the record, it appears to find it, but reports it doesn't exist anyway. Has anyone seen this behavior before? The last DNS update was nearly 2 weeks ago and I am not aware of anything that happened around that time that would have triggered this. I don't know it this MX problem and the clients being unable to update DNS are related. [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: SEARCH dn: DC=internal.testdom.com ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com scope: one expr: ((objectClass=dnsNode)(name=mailsrv)) attr: dnsRecord control: NONE [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_request: (resolve_oids)-search ... ... ... [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: ENTRY dn: DC=mailsrv,DC=internal.testdom.com ,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=testdom,DC=com dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== dnsRecord:: EAAPAAXwAAA+AADcIjcAAAoMAgZnb29nbGUDY29tAA== dnsRecord:: IgAPAAXwAAAEAAADhAALIDcAAAoeBAdtYWlsc3J2CGludGVybmFsB7G4YX lzZXMDY29tAA== [2013/03/20 13:52:20, 5, pid=2064, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: ldb_trace_response: DONE error: 0 [2013/03/20 13:52:20, 1, pid=2064, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug) DnssrvUpdateRecord2: struct DnssrvUpdateRecord2 out: struct DnssrvUpdateRecord2 result : WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
