
Re: [Samba] Samba 4 internal DNS - how to modify SOA record

1,277 views

Rustam K.

Aug 6, 2013, 5:40:02 PM
Hello,

I have the very same problem, does anybody know a way?
I am thinking of converting to BIND, modifying and then converting it back
to Internal DNS implementation.


>>>>

Hello.
How could one modify a SOA record in rc3? For example, NS part (not NS
record) of SOA record points to an absent Windows server. This
effectively breaks DNS updates, since there is no such server and if
corresponding A record is added, update requests from clients will
come unsigned.
Editing it directly via LDAP breaks Samba (some sort of
checksum/hash?) MMC snap-in says "Zone not loaded by DNS server", so
it is not possible to use it either. samba-tool dns add|delete|update
can't operate on SOA record.
Maybe someone could give a link to some document describing dnsRecord,
so one could forge a valid record and just change dnsRecord in DC=@
using some LDAP tool?

Thanks in advance.
--
Best regards,
Dmitry Khromov
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Dmitry Khromov

Aug 6, 2013, 6:00:02 PM
>> How could one modify a SOA record in rc3? For example, NS part (not NS record) of SOA record points to an absent Windows server. This effectively breaks DNS updates, since there is no such server and if corresponding A record is added, update requests from clients will come unsigned.
>> Editing it directly via LDAP breaks Samba (some sort of checksum/hash?) MMC snap-in says "Zone not loaded by DNS server", so it is not possible to use it either. samba-tool dns add|delete|update can't operate on SOA record.
>> Maybe someone could give a link to some document describing dnsRecord, so one could forge a valid record and just change dnsRecord in DC=@ using some LDAP tool?
>
> I have the very same problem, does anybody know a way?
> I am thinking of converting to BIND, modifying and then converting it
> back to Internal DNS implementation.

I doubt that will do the job. As I recall, I forged the dnsRecord
manually (record's structure description could be found on the MSDN) and
ldbmodify'ed the corresponding ldb on every DC (Samba should not be
run). Alternatively, you may just capture the conversation between Samba
and MMC snap-in - the value you need is being sent in clear text.

Regards,
- Dmitry

Matthieu Patou

Aug 7, 2013, 12:10:02 AM
On 08/06/2013 02:34 PM, Rustam K. wrote:
> Hello,
>
> I have the very same problem, does anybody know a way?
> I am thinking of converting to BIND, modifying and then converting it back
> to Internal DNS implementation.

Did you have a look at samba-tool dns update to do this?
Kai has good experience with DNS-related things in Samba; I just put him
in this thread in case he has some insights.

Matthieu.
>
>
> Hello.
> How could one modify a SOA record in rc3? For example, NS part (not NS
> record) of SOA record points to an absent Windows server. This
> effectively breaks DNS updates, since there is no such server and if
> corresponding A record is added, update requests from clients will
> come unsigned.
> Editing it directly via LDAP breaks Samba (some sort of
> checksum/hash?) MMC snap-in says "Zone not loaded by DNS server", so
> it is not possible to use it either. samba-tool dns add|delete|update
> can't operate on SOA record.
> Maybe someone could give a link to some document describing dnsRecord,
> so one could forge a valid record and just change dnsRecord in DC=@
> using some LDAP tool?
>
> Thanks in advance.


--
Matthieu Patou
Samba Team
http://samba.org

Rustam K.

Aug 7, 2013, 9:00:04 AM
Thank you for your emails. Unfortunately samba-tool can't update SOA
records.
I'll stick to Dmitry's action plan.

Cheers


2013/8/7 Matthieu Patou <m...@samba.org>
> instructions: https://lists.samba.org/mailman/options/samba

Kai Blin

Aug 8, 2013, 4:00:01 AM
On 2013-08-07 14:56, Rustam K. wrote:
> Thank you for you emails. Unfortunately samba tool can't update SOA
> records.

IIRC that was fixed recently, but you seem to be running 4.0 rc3, if I
understand the email correctly. That misses a lot of bug fixes, some for
DNS as well.

Cheers,
Kai

--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

Rustam K.

Aug 8, 2013, 4:10:02 AM
Hello,
I run Samba 4.0.7; samba-tool can't do the job, at least the help/syntax
doesn't show that I can.

Cheers


2013/8/8 Kai Blin <k...@samba.org>

> On 2013-08-07 14:56, Rustam K. wrote:
>
>> Thank you for you emails. Unfortunately samba tool can't update SOA
>> records.
>>
>
> IIRC that was fixed recently, but you seem to be running 4.0 rc3, if I
> understand the email correctly. That misses a lot of bug fixes, some for
> DNS as well.
>
> Cheers,
> Kai
>
> --
> Kai Blin
> Worldforge developer http://www.worldforge.org/
> Wine developer http://wiki.winehq.org/KaiBlin
> Samba team member http://www.samba.org/samba/team/
>



--

Rustam

Kai Blin

Aug 8, 2013, 4:20:02 AM
On 2013-08-08 10:02, Rustam K. wrote:
> Hello,
> I run samba 4.0.7, samba tool can't do the job, at least help/syntax
> doesn't show that I can

Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry.
Should you try and run with that the command syntax is

samba-tool dns update SOA "fqdn_dns fqdn_email serial refresh retry
expire minimumttl"

HTH,
Kai

--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

Nico Kadel-Garcia

Aug 8, 2013, 11:30:03 PM
On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin <k...@samba.org> wrote:
> On 2013-08-08 10:02, Rustam K. wrote:
>>
>> Hello,
>> I run samba 4.0.7, samba tool can't do the job, at least help/syntax
>> doesn't show that I can
>
>
> Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry.
> Should you try and run with that the command syntax is
>
> samba-tool dns update SOA "fqdn_dns fqdn_email serial refresh retry expire
> minimumttl"
>
> HTH,
>
> Kai

Rustam, I do hope that if you're manipulating your SOA directly, that
you've actually looked up the guidelines for manipulating them? Just
so you don't get surprised by things like the wraparound values for
the serial numbers, or what reasonable values are for TTL's.
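Nico's caveat about serial wraparound refers to RFC 1982 serial number arithmetic, which is how a secondary decides whether the SOA it just received is newer than the one it holds: a value counts as "greater" only if it is ahead by less than 2^31 in the wrapping 32-bit space, so a serial that is bumped past 0xFFFFFFFF to 0 is still seen as newer, while a hand-typed value that jumps too far ahead is not. The Python below is an added example, not code from the thread or from Samba. It implements the RFC 1982 comparison, a pre-write check for a hand-picked serial, and a helper that chooses the next serial; the YYYYMMDDnn convention in that helper is an assumption about one common numbering scheme, not something the thread prescribes.

```python
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS          # serials live in [0, 2**32)
HALF = 1 << (SERIAL_BITS - 1)   # largest "distance" that still counts as newer


def serial_gt(a, b):
    """RFC 1982 'greater than' for 32-bit serials.

    True if a is ahead of b by less than 2**31 in the wrapping number space.
    Equal values, and values exactly 2**31 apart, are neither greater nor
    smaller, so the function returns False for both orderings."""
    a, b = a % MOD, b % MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def is_usable_new_serial(old, new):
    """Check a hand-picked serial before writing it into the SOA: secondaries
    only transfer the zone again if the new value is 'greater' than the old."""
    return serial_gt(new, old)


def next_serial(current, yyyymmdd=None):
    """Choose the serial to write for a changed SOA.

    If yyyymmdd (e.g. 20130809) is given and the dated value YYYYMMDD00 is
    still 'greater' than the current serial, switch to it (assumed
    convention); otherwise increment by one, wrapping at 2**32. Either way
    the result is newer than `current` under RFC 1982."""
    candidate = (current + 1) % MOD
    if yyyymmdd is not None:
        dated = yyyymmdd * 100
        if serial_gt(dated, current):
            candidate = dated
    return candidate


if __name__ == "__main__":
    # Constructed sample values: the thread's zone serial was 189/190.
    print(next_serial(189, 20130809))          # adopts the dated scheme
    print(next_serial(2013080900, 20130809))   # same day: just +1
    print(next_serial(0xFFFFFFFF))             # wraps to 0, still "newer"
    print(is_usable_new_serial(189, 189 + HALF))  # too far ahead: False
```

The same check applies whichever path writes the SOA: `samba-tool dns update`, the MMC snap-in, or a hand-built dnsRecord value.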

Rustam K.

Aug 9, 2013, 3:50:02 AM
Hi,

thanks for the follow up.

I found the SOA record via ADSI edit :

DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local
DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local

There are two of them, and each has a dnsRecord attribute, shown in hex,
which contains the string "srv-alfa" (apart from the hostmaster email, TTL
etc.) that I need to change to "alfadc":

4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00
00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76
2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A
68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61
6C 00

This is where I am headed, and I'll try not to screw it up.


Cheers


2013/8/9 Nico Kadel-Garcia <nka...@gmail.com>

> On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin <k...@samba.org> wrote:
> > On 2013-08-08 10:02, Rustam K. wrote:
> >>
> >> Hello,
> >> I run samba 4.0.7, samba tool can't do the job, at least help/syntax
> >> doesn't show that I can
> >
> >
> > Ah, yes. Apparently this functionality only exists in 4.1 and master,
> sorry.
> > Should you try and run with that the command syntax is
> >
> > samba-tool dns update SOA "fqdn_dns fqdn_email serial refresh retry
> expire
> > minimumttl"
> >
> > HTH,
> >
> > Kai
>
> Rustam, I do hope that if you're manipulating your SOA directly, that
> you've actually looked up the guidelines for manipulating them? Just
> so you don't get surprised by things like the wraparound values for
> the serial numbers, or what reasonable values are for TTL's.
>



--

Rustam

Rustam K.

Aug 9, 2013, 10:50:02 AM
I thought I would update this email thread. So far, editing the records via
ADSI messes up the ldb database; if you do that, zones won't load anymore,
just like Dmitry stated in his first email.
I had to revert to a snapshot to get Samba back up and running.

I am curious: if I have to modify the record manually via ldbmodify (ldbedit),
would it understand hex/binary?
When I run ldbedit it shows me nothing like the hex in my previous email.
What is this format?

# record 50
dn: DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local
objectClass: top
objectClass: dnsNode

..... (cut)

dnsRecord:: BAABAAXwAAB6AAAAAAADhAAAAAAAAAAAwKj6Aw==
dnsRecord:: BAABAAXwAABuAAAAAAACWAAAAAAAAAAAwKj6Bg==
dnsRecord:: GwACAAXwAAB6AAAAAAAAAAAAAAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW
wA
dnsRecord:: GgACAAXwAACGAAAAAAADhAAAAAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA
A=
dnsRecord:: TgAGAAXwAAC9AAAAAAAAAAAAAAAYMDcAAAAAvQAAA4QAAAJYAAFRgAAAAAAaAwhzcn
YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA

Cheers



2013/8/9 Rustam K. <rkov...@gmail.com>
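The hex dump from ADSI Edit and the `dnsRecord::` values from ldbedit are the same bytes in two encodings: a double colon after an attribute name in LDIF marks a base64-encoded value. The layout is the DnsRecord structure from MS-DNSP: a 24-byte header (DataLength, Type, Version, Rank, Flags, Serial, TtlSeconds in network byte order, Reserved, TimeStamp in hours since 1601) followed by type-specific data, which for an SOA is five big-endian counters (serial, refresh, retry, expire, minimum TTL) and two DNS_COUNT_NAME values (length byte, label count, length-prefixed labels, zero terminator). The Python below is an added example, not code from the thread or from Samba. It decodes both values quoted in the thread, rebuilds them byte for byte, and shows what the record looks like with the primary server renamed, DataLength recomputed and the serial bumped. The function and field names are mine; the record contents are the ones posted above.

```python
import base64
import struct

DNS_TYPE_SOA = 6

# Inputs copied from the thread: the same SOA dnsRecord as an ADSI Edit hex
# dump and as an LDIF base64 value, captured a few hours apart (serial 190/189).
SOA_HEXDUMP = """
4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00
00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76
2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A
68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61
6C 00
"""
SOA_LDIF_B64 = (
    "TgAGAAXwAAC9AAAAAAAAAAAAAAAYMDcAAAAAvQAAA4QAAAJYAAFRgAAAAAAaAwhzcn"
    "YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA"
)


def blob_from_hexdump(text):
    return bytes.fromhex("".join(text.split()))


def blob_from_ldif_base64(text):
    # "attr:: value" in LDIF means the value is base64-encoded
    return base64.b64decode("".join(text.split()))


def parse_count_name(buf, off):
    """DNS_COUNT_NAME: cchNameLength, dwLabelCount, length-prefixed labels, 0x00."""
    name_len, label_count = buf[off], buf[off + 1]
    pos, labels = off + 2, []
    for _ in range(label_count):
        ln = buf[pos]
        labels.append(buf[pos + 1:pos + 1 + ln].decode("ascii"))
        pos += 1 + ln
    if buf[pos] != 0:
        raise ValueError("DNS_COUNT_NAME missing terminator")
    pos += 1
    if pos - (off + 2) != name_len:   # cchNameLength counts labels + terminator
        raise ValueError("cchNameLength does not match label bytes")
    return ".".join(labels), pos


def build_count_name(fqdn):
    labels = [l.encode("ascii") for l in fqdn.rstrip(".").split(".")]
    body = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return bytes([len(body), len(labels)]) + body


def parse_dns_record(blob):
    """Decode the 24-byte DnsRecord header and, for type SOA, the record data."""
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    ttl = struct.unpack_from(">I", blob, 12)[0]                 # network byte order
    reserved, timestamp = struct.unpack_from("<II", blob, 16)   # timestamp: hours since 1601
    data = blob[24:24 + data_len]
    if len(data) != data_len or rtype != DNS_TYPE_SOA:
        raise ValueError("not a complete SOA dnsRecord")
    rec = dict(version=version, rank=rank, flags=flags, serial=serial,
               ttl=ttl, reserved=reserved, timestamp=timestamp)
    (rec["soa_serial"], rec["refresh"], rec["retry"],
     rec["expire"], rec["minimum_ttl"]) = struct.unpack_from(">IIIII", data, 0)
    rec["primary"], off = parse_count_name(data, 20)
    rec["admin"], off = parse_count_name(data, off)
    if off != data_len:
        raise ValueError("trailing bytes in SOA data")
    return rec


def build_dns_record(rec):
    """Inverse of parse_dns_record: DataLength is recomputed from the data."""
    data = (struct.pack(">IIIII", rec["soa_serial"], rec["refresh"], rec["retry"],
                        rec["expire"], rec["minimum_ttl"])
            + build_count_name(rec["primary"]) + build_count_name(rec["admin"]))
    header = (struct.pack("<HHBBHI", len(data), DNS_TYPE_SOA, rec["version"],
                          rec["rank"], rec["flags"], rec["serial"])
              + struct.pack(">I", rec["ttl"])
              + struct.pack("<II", rec["reserved"], rec["timestamp"]))
    return header + data


def with_new_primary(blob, new_primary):
    """Copy of the record naming new_primary, with both serial fields bumped."""
    rec = parse_dns_record(blob)
    rec["primary"] = new_primary
    rec["soa_serial"] = rec["serial"] = (rec["soa_serial"] + 1) & 0xFFFFFFFF
    return build_dns_record(rec)


if __name__ == "__main__":
    for blob in (blob_from_hexdump(SOA_HEXDUMP), blob_from_ldif_base64(SOA_LDIF_B64)):
        print(parse_dns_record(blob))
    renamed = with_new_primary(blob_from_ldif_base64(SOA_LDIF_B64), "alfadc.officenet.local")
    print(base64.b64encode(renamed).decode())   # value in the form ldbmodify expects after "dnsRecord::"
```

The round trip (parse, then rebuild) reproducing the original bytes is the check worth running before any hand edit: if it does not match, the parser's idea of the layout is wrong and the rebuilt record will be rejected the way the ADSI-edited one was. The code only produces bytes; writing them back is the ldbmodify step Dmitry described, on every DC with Samba stopped.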

Rustam K.

Oct 14, 2013, 2:20:02 AM
Hey guys,

Just wanted to update this thread: I upgraded my Samba installation to 4.1
and updated the SOA record. Now dynamic DNS works fine for me!! Thanks for
implementing the feature!!!

Cheers!!


2013/8/9 Rustam K. <rkov...@gmail.com>

Jacó Ramos

Oct 14, 2013, 6:40:02 AM
Hi, guys...

What is the command line to modify the SOA record?

Thanks!
Jacó Ramos


2013/10/14 Rustam K. <rkov...@gmail.com>
--

"Man was not created to be happy or to win, but to live for God. When he
lives for God he is happy and wins." Isaltino Gomes

$whoami

- Computer Forensics Expert
- Pentester
- Specialist in Computer Network Security with emphasis on Computer
Forensics - FACID
- Bachelor of Computer Science - UESPI
- Computer Network Administrator
- CCNA Module II
- Lattes: http://lattes.cnpq.br/1591329268136905


This message may contain confidential and/or privileged information. If you
are not the addressee or the person authorized to receive this message, you
must not use, copy or disclose the information it contains or take any
action based on that information.

Rustam K.

Oct 16, 2013, 1:10:03 PM
Hi,

You can use samba-tool or you can use Microsoft DNS mmc to update SOA
record.


2013/10/14 Jacó Ramos <j4c0...@gmail.com>

Jacó Ramos

Oct 16, 2013, 5:30:02 PM
What is the command line to update the SOA record with samba-tool?

Thanks!
Jacó Ramos


2013/10/16 Rustam K. <rkov...@gmail.com>