[Samba] DomainDnsZone Replication Shows 200,000 Objects
Achim Gottinger
achim at ag-web.biz
Fri Jan 3 03:39:46 MST 2014
On 02.01.2014 20:35, lp101 wrote:
>
> Here are a couple articles that explain how these objects work that
> may prove helpful.
>
> http://blogs.technet.com/b/networking/archive/2011/08/17/tracking-dns-record-deletion.aspx
>
>
> http://technet.microsoft.com/en-us/library/cc759204%28WS.10%29.aspx
Thank you for the links.
So if a DNS record is dnsTombstoned and older than seven days, it gets
AD tombstoned and lives in the database for a default of 180 days. I
thought it would be removed completely from the AD database in that case.
Since Samba does not use dnsTombstones, any update to a DNS record via
samba-tool dns, nsupdate or a Windows client results in a directly AD
tombstoned record. So the only way to reduce the number of deleted DNS
records at the moment is to lower the AD tombstone lifetime attribute
(CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,CN={GUID}). I reduced it to 30 days for
now. One has to be careful with that attribute: if an AD domain server is
down for a longer period, it can cause problems with replication
afterwards and the server must be rejoined.
achim~
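
An added example, not part of the original post or of Samba's code: before lowering tombstoneLifetime as described above, estimate how many deleted DNS objects a given value would make eligible for garbage collection, and whether any DC has been out of replication longer than that value. The LDIF records, DC names and dates are constructed, and whenChanged is assumed to approximate the deletion time.

```python
from datetime import datetime, timedelta, timezone

# Constructed LDIF-style sample (not real data): three deleted DNS records, one live.
SAMPLE_LDIF = r"""
dn: DC=pc1\0ADEL:11111111-1111-1111-1111-111111111111,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20131225120000.0Z

dn: DC=pc2\0ADEL:22222222-2222-2222-2222-222222222222,CN=Deleted Objects,
 DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20131115120000.0Z

dn: DC=pc3\0ADEL:33333333-3333-3333-3333-333333333333,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20130801120000.0Z

dn: DC=pc4,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
whenChanged: 20130101120000.0Z
"""

def parse_ldif(text):
    """One dict per record; folded lines (leading space) are joined first."""
    blocks = text.replace("\n ", "").strip().split("\n\n")
    return [{k.lower(): v for k, _, v in (l.partition(": ") for l in b.splitlines())}
            for b in blocks]

def ldap_time(value):
    """Parse an LDAP generalized time such as 20131225120000.0Z as UTC."""
    return datetime.strptime(value.split(".")[0], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def purge_counts(records, now, lifetimes):
    """Per tombstone lifetime in days: deleted objects already older than it."""
    deleted = [ldap_time(r["whenchanged"]) for r in records
               if r.get("isdeleted", "").upper() == "TRUE"]
    return {days: sum(now - t > timedelta(days=days) for t in deleted) for days in lifetimes}

def dcs_past_lifetime(last_replicated, now, days):
    """DCs whose last successful replication is older than the tombstone lifetime."""
    return sorted(dc for dc, t in last_replicated.items() if now - t > timedelta(days=days))

NOW = datetime(2014, 1, 3, tzinfo=timezone.utc)  # constructed "current" time
LAST_REPLICATED = {  # constructed: hypothetical DC names and last-replication times
    "dc1": datetime(2014, 1, 2, tzinfo=timezone.utc),
    "dc2": datetime(2013, 11, 20, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    print(purge_counts(parse_ldif(SAMPLE_LDIF), NOW, (180, 30)))
    print(dcs_past_lifetime(LAST_REPLICATED, NOW, 30))
```

Any DC the second function returns for the planned value should be brought back into replication or rejoined before the attribute is lowered.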