Bug 13421 - Active Directory: cannot view DNS sub-domain CNAME entry Microsoft "Active Directory Users and Computers" snap-in
Summary: Active Directory: cannot view DNS sub-domain CNAME entry Microsoft "Active Di...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.8.1
Hardware: All Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2018-05-07 01:54 UTC by Pancho
Modified: 2018-05-07 08:20 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Pancho 2018-05-07 01:54:26 UTC
root@dc1:~ # samba-tool dns query localhost ct.dummy.co.za qa ALL -U administrator
Cannot do GSSAPI to an IP address
Password for [CT\administrator]:
  Name=, Records=1, Children=0
    A: (flags=f0, serial=110, ttl=3600)
  Name=biz, Records=1, Children=0
    CNAME: qa.ct.dummy.co.za. (flags=f0, serial=12, ttl=3600)
  Name=discovery, Records=0, Children=0
  Name=embed, Records=1, Children=0
    CNAME: qa.ct.dummy.co.za. (flags=f0, serial=13, ttl=3600)
  Name=pub, Records=1, Children=0
    CNAME: qa.ct.dummy.co.za. (flags=f0, serial=16, ttl=3600)
  Name=www, Records=1, Children=0
    CNAME: qa.ct.dummy.co.za. (flags=f0, serial=31, ttl=3600)

I created "discovery" as a CNAME of the server called qa.ct.dummy.co.za in the same way as the others (via the snap-in), but...

1. I cannot see "discovery" in the snap-in list (I see it shows no records and no children unlike the others)
2. If I try and add "discovery" again via the snap-in it says already exists

Because I cannot see it in the snap-in, I cannot delete it via the snap-in.

So there are 2 issues that are problemetic:
A. why can't I see it in the ms snap-in like the others; and
B. I can't find any way to get rid of the entry using Samba so that I can re-add it (hopefully successfully)
Comment 1 Pancho 2018-05-07 08:08:33 UTC
I should probably mention that even though "invisible" within the snap-in, DNS resolution does appear to still work for discovery.qa.ct.dummy.co.za

>nslookup discovery.qa.ct.dummy.co.za
Server:  dc1.ct.dummy.co.za

Name:    qa.ct.dummy.co.za
Aliases:  discovery.qa.ct.dummy.co.za