[Samba] internal dns server deletes and re-creates entries, leaving deleted objects

Andrew Bartlett abartlet at samba.org
Wed Nov 27 20:55:43 MST 2013


On Mon, 2013-10-21 at 23:38 +0000, dahopkins at comcast.net wrote:
> 
> ----- Original Message -----
> On Mon, 2013-10-21 at 23:19 +0000, dahopkins at comcast.net wrote:
> > Andrew,
> > 
> > Here is the last part of the output from the ldbsearch command.  It appears that DNS is still growing rapidly and is being replicated across the servers.
> > 
> > ---------------------------------------------------------------------------------------------------------------------
> > 
> > # record 117569
> > dn: DC=NCS-FINANCE\0ADEL:17f969f3-ef19-4c8a-9d27-fa802257678b,CN=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
> > objectClass: top
> > objectClass: dnsNode
> > instanceType: 4
> > whenCreated: 20130831222333.0Z
> > uSNCreated: 25571
> > objectGUID: 17f969f3-ef19-4c8a-9d27-fa802257678b
> > isDeleted: TRUE
> > lastKnownParent: DC=ncs.k12.de.us,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ncs,DC=
> >  k12,DC=de,DC=us
> > isRecycled: TRUE
> > dc:: TkNTLUZJTkFOQ0UKREVMOjE3Zjk2OWYzLWVmMTktNGM4YS05ZDI3LWZhODAyMjU3Njc4Yg==
> > name:: TkNTLUZJTkFOQ0UKREVMOjE3Zjk2OWYzLWVmMTktNGM4YS05ZDI3LWZhODAyMjU3Njc4Yg=
> >  =
> > whenChanged: 20130831232332.0Z
> > uSNChanged: 25584
> > distinguishedName: DC=NCS-FINANCE\0ADEL:17f969f3-ef19-4c8a-9d27-fa802257678b,C
> >  N=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
> > 
> > # returned 117569 records
> > # 117569 entries
> > # 0 referrals
> > 
> > So... is there a way to clean up the DNS issues without wiping the servers? I did not get exactly the same results on both samba4 AD DCs. One server reported 117569 records, the other 117562. Could be a timing issue given how quickly the database is growing?
> > 
> > We didn't even build our samba4 domain until approximately Aug 24/2013 so definitely after the commit date.
> > 
> > Sincerely,
> > Dave Hopkins
> > 
> 
> >In the short term, can you try and use DLZ_BIND9 until we can sort this
> >out in the internal server?  Then we can look at trying to expire these
> >tombstones. 
> 
> We can try. Are we sure that the conversion from internal to external DNS will be ok?  Given the other issues we are facing, I'm extremely leery of completely losing everything. We'll back up the samba/private directories and other key config files before the attempt. I'm assuming that if it goes badly, I could then just restore those directories and config files and restart samba.
> 
> We could also (time consuming but doable) assign static IP addresses though not sure this would resolve anything.

I've asked Garming (my intern here at Catalyst IT) to have a look into
this, but he can't reproduce this with nsupdate -g.  

Can you get me a network trace of the traffic that causes the extra
entries so we can try and reproduce and fix it?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
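
Added example (not part of the original message and not Samba code): a small Python parser for ldbsearch LDIF output like the record quoted above. It unfolds continuation lines, decodes the base64 `name::` value, and counts tombstoned dnsNode objects per original host name, which shows which clients account for the growth. The function names and the constructed records are assumptions made for illustration.

```python
import base64
from collections import Counter

# Abridged from the ldbsearch record quoted in the thread; the folded name:: line is kept.
PAGE_RECORD = """# record 117569
objectClass: dnsNode
isDeleted: TRUE
name:: TkNTLUZJTkFOQ0UKREVMOjE3Zjk2OWYzLWVmMTktNGM4YS05ZDI3LWZhODAyMjU3Njc4Yg=
 =
"""

def constructed_record(host, guid):
    """Build a made-up tombstone record (constructed sample data, not from the thread)."""
    name = base64.b64encode(f"{host}\nDEL:{guid}".encode()).decode()
    return f"objectClass: dnsNode\nisDeleted: TRUE\nname:: {name}\n\n"

def records(text):
    """Yield each LDIF record as {attribute: [values]}, decoding base64 ('::') values."""
    rec = {}
    # LDIF folding: a newline followed by a single space continues the previous line.
    for line in text.replace("\r\n", "\n").replace("\n ", "").splitlines() + [""]:
        if not line.strip():          # blank line ends the current record
            if rec:
                yield rec
            rec = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(attr, []).append(value.strip())

def tombstones_by_name(text):
    """Count deleted dnsNode objects per original host name."""
    counts = Counter()
    for rec in records(text):
        if "dnsNode" in rec.get("objectClass", []) and rec.get("isDeleted") == ["TRUE"]:
            # A tombstone is renamed to "<original name>\nDEL:<objectGUID>".
            counts[rec.get("name", [""])[0].split("\nDEL:")[0]] += 1
    return counts

# Page record plus two constructed tombstones and one constructed live record.
SAMPLE = (PAGE_RECORD + "\n"
          + constructed_record("NCS-FINANCE", "00000000-0000-0000-0000-000000000001")
          + constructed_record("LAB-PC01", "00000000-0000-0000-0000-000000000002")
          + "objectClass: dnsNode\nname: LIVE-HOST\n\n")

if __name__ == "__main__":
    for host, n in tombstones_by_name(SAMPLE).most_common():
        print(f"{n:6d}  {host}")
```

To run it on real data, pass the saved ldbsearch output text to `tombstones_by_name()` in place of `SAMPLE`.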





