[Samba] internal dns server deletes and re-creates entries, leaving deleted objects

Garming Sam garming at catalyst.net.nz
Wed Nov 27 21:15:33 MST 2013

On 28/11/13 16:55, Andrew Bartlett wrote:
> On Mon, 2013-10-21 at 23:38 +0000, dahopkins at comcast.net wrote:
>> ----- Original Message -----
>> On Mon, 2013-10-21 at 23:19 +0000, dahopkins at comcast.net wrote:
>>> Andrew,
>>> Here is the last part of the output from the ldbsearch command.  It appears that DNS is still growing rapidly and is being replicated across the servers.
>>> ---------------------------------------------------------------------------------------------------------------------
>>> # record 117569
>>> dn: DC=NCS-FINANCE\0ADEL:17f969f3-ef19-4c8a-9d27-fa802257678b,CN=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
>>> objectClass: top
>>> objectClass: dnsNode
>>> instanceType: 4
>>> whenCreated: 20130831222333.0Z
>>> uSNCreated: 25571
>>> objectGUID: 17f969f3-ef19-4c8a-9d27-fa802257678b
>>> isDeleted: TRUE
>>> lastKnownParent: DC=ncs.k12.de.us,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ncs,DC=
>>>   k12,DC=de,DC=us
>>> isRecycled: TRUE
>>>   =
>>> whenChanged: 20130831232332.0Z
>>> uSNChanged: 25584
>>> distinguishedName: DC=NCS-FINANCE\0ADEL:17f969f3-ef19-4c8a-9d27-fa802257678b,C
>>>   N=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
>>> # returned 117569 records
>>> # 117569 entries
>>> # 0 referrals
>>> So .. is there a way to clean up the DNS issues without wiping the servers? I did not get exactly the same results on both samba4 AD DC's. One server reported 117569 records, the other 117562. Could be a timing issue given how quickly the database is growing?
>>> We didn't even build our samba4 domain until approximately Aug 24/2013 so definitely after the commit date.
>>> Sincerely,
>>> Dave Hopkins
>>> In the short term, can you try and use DLZ_BIND9 until we can sort this
>>> out in the internal server?  Then we can look at trying to expire these
>>> tombstones.
>> We can try. Are we sure that the conversion from internal to external DNS will be ok?  Given the other issues we are facing, I'm extremely leery of completely losing everything. We'll backup the samba/private directories, and other key config files before the attempt. I'm assuming that if it goes badly, I could then just restore those directories and config files and restart samba.
>> We could also (time consuming but do-able) assign static IP addresses though not sure this would resolve anything.
> I've asked Garming (my intern here at Catalyst IT) to have a look into
> this, but he can't reproduce this with nsupdate -g.
> Can you get me a network trace of the traffic that causes the extra
> entries so we can try and reproduce and fix it?
> Thanks,
> Andrew Bartlett

Hi there, sorry about that, I managed to reproduce the error. You don't 
have to worry about sending in a network trace anymore. Now that I've 
reproduced it, I'll work with Andrew to fix the issue in the next few days.


Garming Sam

More information about the samba mailing list