13590 – Demote deletes root records if deleted DC shares root IP

Bug 13590 - Demote deletes root records if deleted DC shares root IP

Summary: Demote deletes root records if deleted DC shares root IP

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.8.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-08-22 05:45 UTC by Aaron Haslett (dead mail address)
Modified:	2018-08-22 05:45 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aaron Haslett (dead mail address) 2018-08-22 05:45:59 UTC

Reproduce by doing the following:
* Provision a root DC and start it
* Join two DCs with "samba-tool domain join" using the --targetdir option
* Run "host" command with the domain name passed to the provision command
* Demote one of them with on samba-tool domain demote --remove-other-dead-server
* Run "host" command again with the same domain name

First host command will return the name resolution as expected.
Second host command will return nothing but will exit with code 0.  If you use 'dig' you'll see there is a response with an authority section but no answer.  Looking at ldap it seems the demote process causes root records to be tombstoned (deleted, basically).  This happens because the remove_dns_references function assumes that each DC will have its own IP, so it removes all records with references to the IP of the DC being demoted.

For now I'm working around this problem by adding an option for the "join --targetdir" workflow allowing the user to override the IP of the new DC.  This shouldn't come up in the field since no one creates a second DC on the same machine as the root (or if they do they use VMs).