Cleaning up old DC DNS records


Samba - General mailing list
Hi, I demoted a running domain controller by running the samba-tool demote
command on the running system to be demoted  and there's still some DNS
entries for the old one kicking around.  It's still listed under _msdcs and
also _kerberos._udp and _ldap._tcp.

Should I manually remove them?  If so, is there a list of spots to look in
for DNS entries of old DCs?

Also, does the fact that these entries weren't removed indicate I had
something misconfigured on the to-be-removed system or I screwed up the
demotion procedures?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Cleaning up old DC DNS records

On Tue, 2017-09-05 at 18:39 -0400, Patrick Lepore via samba wrote:
> Hi, I demoted a running domain controller by running the samba-tool demote
> command on the running system to be demoted  and there's still some DNS
> entries for the old one kicking around.  It's still listed under _msdcs and
> also _kerberos._udp and _ldap._tcp.
>
> Should I manually remove them?  

Yes.

> If so, is there a list of spots to look in
> for DNS entries of old DCs?

The remove-other-dead-server option looks for records pointing at the
AD record of the demoted DC.

> Also, does the fact that these entries weren't removed indicate I had
> something misconfigured on the to-be-removed system or I screwed up the
> demotion procedures?

No.

If you used the --remove-other-dead-server option, it would have
removed them.  The online removal isn't as complete.

I've scoped out the work (on behalf of a client) to make the dynamic
records expire, to have a cleanup and to make the online cleanup more
thorough, but for now that is how it is.

Sorry,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
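
The manual cleanup discussed in this thread, as an added example that is not from either poster or from the Samba project: it finds SRV records still naming a demoted DC and prints each as the zone, relative name and data that `samba-tool dns delete` takes. The names example.com and dc2.example.com, the sample records, and the SRV name list (which goes beyond the three locations mentioned in the thread and assumes the _msdcs names sit in their own `_msdcs.<domain>` zone) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. DOMAIN and OLD_DC are constructed names.
DOMAIN=example.com
OLD_DC=dc2.example.com

# SRV owner names AD clients use to locate DCs (site-specific names omitted).
dc_srv_names() {
    for n in _ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp \
             _kpasswd._udp _gc._tcp _ldap._tcp.dc._msdcs \
             _kerberos._tcp.dc._msdcs _ldap._tcp.gc._msdcs _ldap._tcp.pdc._msdcs
    do
        printf '%s.%s\n' "$n" "$1"
    done
}

# Query every name with dig; output lines are "owner priority weight port target".
query_srv() {
    dc_srv_names "$1" | while read -r owner; do
        dig +short SRV "$owner" | awk -v o="$owner" '{ print o, $0 }'
    done
}

# Filter stdin for records whose target is the old DC (case-insensitive,
# trailing dot ignored). Prints "zone name target port priority weight".
# Assumption: *._msdcs.<domain> names are stored in a separate _msdcs zone.
stale_srv() {
    awk -v dom="$1" -v old="$2" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        NF == 5 && norm($5) == norm(old) {
            owner = norm($1); zone = norm(dom)
            ms = "._msdcs." zone
            if (substr(owner, length(owner) - length(ms) + 1) == ms)
                zone = "_msdcs." zone
            name = substr(owner, 1, length(owner) - length(zone) - 1)
            print zone, name, norm($5), $4, $2, $3
        }'
}

# Constructed sample of query_srv output, so the filter runs offline.
SAMPLE='_ldap._tcp.example.com 0 100 389 dc1.example.com.
_ldap._tcp.example.com 0 100 389 DC2.example.com.
_kerberos._udp.example.com 0 100 88 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com 0 100 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com 0 100 389 dc1.example.com.'

printf '%s\n' "$SAMPLE" | stale_srv "$DOMAIN" "$OLD_DC"
```

Against a live domain, `query_srv "$DOMAIN" | stale_srv "$DOMAIN" "$OLD_DC"` replaces the sample; each output line maps to `samba-tool dns delete <server> <zone> <name> SRV '<target> <port> <priority> <weight>'`.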



Re: Cleaning up old DC DNS records

Ok, I'll clean up those records manually.

On Wed, Sep 6, 2017 at 5:42 AM, Andrew Bartlett <[hidden email]> wrote:

> On Tue, 2017-09-05 at 18:39 -0400, Patrick Lepore via samba wrote:
> > Hi, I demoted a running domain controller by running the samba-tool demote
> > command on the running system to be demoted  and there's still some DNS
> > entries for the old one kicking around.  It's still listed under _msdcs and
> > also _kerberos._udp and _ldap._tcp.
> >
> > Should I manually remove them?
>
> Yes.
>
> > If so, is there a list of spots to look in
> > for DNS entries of old DCs?
>
> The remove-other-dead-server option looks for records pointing at the
> AD record of the demoted DC.
>
> > Also, does the fact that these entries weren't removed indicate I had
> > something misconfigured on the to-be-removed system or I screwed up the
> > demotion procedures?
>
> No.
>
> If you used the --remove-other-dead-server option, it would have
> removed them.  The online removal isn't as complete.
>
> I've scoped out the work (on behalf of a client) to make the dynamic
> records expire, to have a cleanup and to make the online cleanup more
> thorough, but for now that is how it is.
>
> Sorry,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>