[Samba] internal dns server deletes and re-creates entries, leaving deleted objects
dahopkins at comcast.net
Mon Oct 21 17:19:09 MDT 2013
Here is the last part of the output from the ldbsearch command. It appears that DNS is still growing rapidly and is being replicated across the servers.
# record 117569
dn: DC=NCS-FINANCE\0ADEL:17f969f3-ef19-4c8a-9d27-fa802257678b,CN=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
# returned 117569 records
# 117569 entries
# 0 referrals
So... is there a way to clean up the DNS issues without wiping the servers? I did not get exactly the same results on both samba4 AD DCs. One server reported 117569 records, the other 117562. Could be a timing issue given how quickly the database is growing?
We didn't even build our samba4 domain until approximately Aug 24/2013 so definitely after the commit date.
----- Original Message -----
On Mon, 2013-10-21 at 10:49 +0000, dahopkins at comcast.net wrote:
> > The number of records indicated in the last email was based on these lines that were returned during the failed samba join. This is the last line of that sequence.
> > Partition[DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us] objects[94443/94443] linked_values[0/0]
> > These are probably deleted DNS records. Are you using the internal DNS
> > server or bind9_dlz? Either way, find out if this is still growing, we
> > may have an issue we need to work on here.
> We are using the internal DNS server. We have two zones (10.179.0.0/19 and 10.186.0.0/19). After a period of time, DNS quits working on one of the servers and at that point authentication (using nslcd/nscd from our linux systems, and we get RPC errors on our Windows domain members) using that server also seems to fail. How can we test if this is still growing?
> Dave Hopkins
Simply check the number of records in the database, say by:
ldbsearch --show-deleted -s sub -b DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
This looks very much like what Amitay fixed for the BIND9_DLZ backend
Author: Amitay Isaacs <amitay at gmail.com>
Date: Thu Feb 9 10:17:02 2012 +1100
dlz_bind9: Do not remove LDB record in subrdataset and delrdataset
This fixes the problem of large number of deleted records in DNS
partitions due to frequent dynamic dns updates from windows
clients. The typical pattern for dynamic update get converted
into subrdataset() followed by addrdataset(). If there are no
dnsRecord attributes left as a result of sub/delrdataset(),
leave the LDB entry for dns name as is. The subsequent
addrdataset() would add the dnsRecord attribute without
re-creating the same entry.
Do you know if, for your use case (the internal DNS server), it only
started happening after this commit?
This code has logic that shouldn't delete an object when just changing
its IP, but perhaps something else is wrong. I've CC'ed Kai, the
maintainer of the internal DNS server.
Author: Kai Blin <kai at samba.org>
Date: Sat Jun 1 10:24:11 2013 +0200
dns: Delete dnsNode objects when they are empty
If an update leaves the dnsNode without any entries, the dnsNode
should be deleted. Thanks to Günter Kukkukk for his excellent
work on this one.
This should fix bug #9559
Signed-off-by: Kai Blin <kai at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8b24c43b382740106474e26dec59e1419ba77306)
The last 3 patches address bug #9559 - Only initial signed DNS
update for a
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Mon Jun 3 14:16:16 CEST 2013 on
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
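As an added example (not code from the thread or from Samba), here is a small Python parser for the ldbsearch --show-deleted output that counts tombstoned dnsNode objects, shows which names are being churned, and compares two snapshots to tell whether the partition is still growing. The sample output, names and GUIDs below are constructed.

```python
import re
from collections import Counter
# Constructed ldbsearch --show-deleted output (not from the thread): a live dnsNode and a tombstone with an LDIF-folded DN.
SNAPSHOT_T0 = r"""# record 1
dn: DC=ncs-finance,DC=ncs.k12.de.us,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
objectClass: dnsNode

# record 2
dn: DC=ncs-finance\0ADEL:00000000-0000-0000-0000-000000000001,CN=Deleted Objec
 ts,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
isDeleted: TRUE

"""
# Later snapshot of the same DC: two more tombstones, one for a second name.
SNAPSHOT_T1 = SNAPSHOT_T0 + r"""# record 3
dn: DC=ncs-finance\0ADEL:00000000-0000-0000-0000-000000000002,CN=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
isDeleted: TRUE

# record 4
dn: DC=ws-lab\0ADEL:00000000-0000-0000-0000-000000000003,CN=Deleted Objects,DC=DomainDnsZones,DC=ncs,DC=k12,DC=de,DC=us
isDeleted: TRUE

# returned 4 records
"""
# Tombstone RDN as ldbsearch prints it: DC=<name>\0ADEL:<objectGUID>
TOMBSTONE = re.compile(r"^DC=(?P<name>[^,\\]+)\\0ADEL:[0-9a-f-]{36},", re.I)
def parse_ldbsearch(text):  # -> [{'dn': str, 'attrs': {name: [values]}}]
    text = re.sub(r"\n ", "", text)           # unfold LDIF continuation lines
    records = []
    for block in re.split(r"\n\s*\n", text):  # records are blank-line separated
        cur = None
        for line in block.splitlines():
            if line.startswith("#"): continue  # "# record N" and summary lines
            key, _, val = line.partition(":")
            if key == "dn":
                cur = {"dn": val.strip(), "attrs": {}}
            elif cur is not None:
                cur["attrs"].setdefault(key, []).append(val.strip())
        if cur: records.append(cur)
    return records
def summarize(text):  # -> (total objects, tombstones, Counter of tombstoned names)
    records, churn = parse_ldbsearch(text), Counter()
    for r in records:
        m = TOMBSTONE.match(r["dn"])
        if m or r["attrs"].get("isDeleted", ["FALSE"])[0].upper() == "TRUE":
            churn[m.group("name").lower() if m else r["dn"]] += 1
    return len(records), sum(churn.values()), churn
def tombstone_growth(before, after):  # tombstones added between two snapshots
    return summarize(after)[1] - summarize(before)[1]
```

Save the ldbsearch output from each DC at two points in time and feed the captures to tombstone_growth; a count that keeps rising between runs, concentrated on the same few names, is the churn pattern the commit message above describes.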