[Samba] DomainDnsZone Replication Shows 200,000 Objects
Günter Kukkukk
linux at kukkukk.com
Tue Dec 24 22:15:23 MST 2013
Am 22.12.2013 10:56, schrieb Andrew Bartlett:
> On Fri, 2013-12-20 at 12:44 -0500, lp101 wrote:
>> During the samba domain join process I see over 200,000+ objects
>> that need to be replicated. This takes several hours to complete if at
>> all. I don't believe this to be correct. I'm currently running Samba
>> 4.1.0 on several DC's across a couple sites. Tried to join a new DC
>> using Samba4.1.0 as well but it failed with an error code similar to the
>> one found here
>>
>> https://lists.samba.org/archive/samba/2013-October/176237.html.
>>
>> Reverted back to a 4.0.9 build and it completed the join process
>> without this error. I would like to join another DC but it takes an
>> excessive amount of time to replicate the DomainDnsZone partition. I
>> can't fathom this containing 200,000+ objects. My domain consist of
>> approximately 125 users and 150 machines. Thanks for any help.
>
> A flawed fix was introduced and reviewed into our internal DNS server a
> few months ago, purporting to fix issues with clients not being able to
> update their DNS records.
>
> The fix caused the create of a new deleted record for every DNS
> transaction, even one that should have had no impact on the database
> (same IP).
>
> The only workaround to avoid creating more is to change from the
> internal DNS server to the BIND9 DLZ module, but this won't fix the
> issue with having a database that is drowning in deleted records. We
> don't have a tool to purge these at this time, and by default they will
> be kept for 6 months.
>
> We do realise we are going to have to come up with a better fix, but
> sadly nobody has yet proposed a patch to do this properly. (We should
> probably at least revert the one that was put in).
Hi Andrew,
why do you throw such info
"We should probably at least revert the one that was put in"
knowing that the former version without that patch "was NOT working at ALL"!
In case you missed those long discussions about that failure those days,
please just DO NOT COMMENT!
I was _not_ aware about the (somewhat hidden) "tombstone" problem those days.
(neither was Kai .... or others)
And btw - I'm not completely sure whether the DLZ dns implementation is
working right in this area ...
Achim Gottinger <achim at ag-web.biz> brought this to my/our attention:
https://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx?Redirected=true
I think - worth reading...
At least samba should behave "as friendly as possible" regarding deleted dns entries.
Looking at that (...o_o ..) code for days now.
Cheers, Günter
More information about the samba
mailing list