Some queries in the source4 dns management server did not correctly escape the user-controlled aspect of the LDAP filter.
To be clear, this is not a security issue, as the access is as the authenticated user who could just bind to LDAP directly.
Created attachment 13590 [details] proposed patch for master I just need to stop the samba-tool dns tests from assuming this behaviour before I push this reviewed patch.
Fixed in 9e9a8d8f887a3b13d06a7cc71edad78c140bb0be and also backported to 4.7 in https://bugzilla.samba.org/show_bug.cgi?id=12952