[Samba] DomainDnsZone Replication Shows 200,000 Objects
abartlet at samba.org
Sun Dec 22 02:56:29 MST 2013
On Fri, 2013-12-20 at 12:44 -0500, lp101 wrote:
> During the samba domain join process I see over 200,000+ objects
> that need to be replicated. This takes several hours to complete if at
> all. I don't believe this to be correct. I'm currently running Samba
> 4.1.0 on several DCs across a couple sites. Tried to join a new DC
> using Samba4.1.0 as well but it failed with an error code similar to the
> one found here
> Reverted back to a 4.0.9 build and it completed the join process
> without this error. I would like to join another DC but it takes an
> excessive amount of time to replicate the DomainDnsZone partition. I
> can't fathom this containing 200,000+ objects. My domain consists of
> approximately 125 users and 150 machines. Thanks for any help.

A flawed fix was introduced and reviewed into our internal DNS server a
few months ago, purporting to fix issues with clients not being able to
update their DNS records.

The fix caused the creation of a new deleted record for every DNS
transaction, even one that should have had no impact on the database.

The only workaround to avoid creating more is to change from the
internal DNS server to the BIND9 DLZ module, but this won't fix the
issue with having a database that is drowning in deleted records. We
don't have a tool to purge these at this time, and by default they will
be kept for 6 months.

We do realise we are going to have to come up with a better fix, but
sadly nobody has yet proposed a patch to do this properly. (We should
probably at least revert the one that was put in).

Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba