[Samba] DomainDnsZone Replication Shows 200,000 Objects

lp101 lingpanda101 at gmail.com
Fri Jan 3 07:04:12 MST 2014

     My domain now has just under 400,000 dns objects during join. I'm 
unable to join a new server as the machine runs out of memory during the 
replication process and kicks back to the command line. This is with 6GB 
of memory. It failed with roughly 10,000 objects left to replicate.  Can 
you provide me with the correct syntax to view these objects in sam.ldb 
and I assume you used ADSI to edit the tombstone attribute? Thanks.

On 1/3/2014 5:39 AM, Achim Gottinger wrote:
> On 02.01.2014 20:35, lp101 wrote:
>> Here are a couple articles that explain how these objects work that 
>> may prove helpful.
>> http://blogs.technet.com/b/networking/archive/2011/08/17/tracking-dns-record-deletion.aspx 
>> http://technet.microsoft.com/en-us/library/cc759204%28WS.10%29.aspx
> Thank you for the links.
> So if a DNS record is dnsTombstoned and older than seven days it 
> gets AD tombstoned and lives in the database for a default of 180 
> days. I thought it would be removed completely from the AD database in 
> that case.
> Since Samba does not use dnsTombstones, any update to a DNS record 
> via samba-tool dns, nsupdate or a Windows client results in a 
> directly AD tombstoned record. So the only way to reduce the number of 
> deleted DNS records is at the moment to lower the AD tombstone 
> lifetime attribute (CN=Directory Service,CN=Windows 
> NT,CN=Services,CN=Configuration,CN={GUID}). I reduced it to 30 days 
> for now. One has to be careful with that attribute: if an AD domain 
> server is down for a longer period it can cause problems with 
> replication afterwards and the server must be rejoined.
> achim~
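
Added example, not part of the original thread and not Samba code: a small Python check of how many deleted DNS objects fall outside a 180-day versus a 30-day tombstone lifetime, and whether a domain controller that has been offline has outlived that lifetime. The sample records, the `example.com` names and the function names are constructed for illustration, and deletion time is approximated by `whenChanged`, which is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed records in the attribute layout of LDIF output; the DNs are
# simplified and every value is made up for this example.
SAMPLE_LDIF = """\
dn: DC=host1,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20130601120000.0Z

dn: DC=host2,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20131120083000.0Z

dn: DC=host3,CN=Deleted Objects,DC=DomainDnsZones,DC=example,DC=com
isDeleted: TRUE
whenChanged: 20131228090000.0Z

dn: DC=live1,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
whenChanged: 20130101000000.0Z
"""

NOW = datetime(2014, 1, 3, tzinfo=timezone.utc)  # constructed "current" time


def parse_ldif(text):
    """Split blank-line separated records into dicts (single-valued, no line folding)."""
    records = []
    for block in text.strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        records.append({key: value for key, value in pairs})
    return records


def parse_time(value):
    """Parse an AD generalized time such as 20131228090000.0Z as UTC."""
    return datetime.strptime(value, "%Y%m%d%H%M%S.0Z").replace(tzinfo=timezone.utc)


def expired_tombstones(records, lifetime_days, now=NOW):
    """DNs of deleted objects whose last change is older than the tombstone lifetime."""
    cutoff = now - timedelta(days=lifetime_days)
    return [r["dn"] for r in records
            if r.get("isDeleted") == "TRUE" and parse_time(r["whenChanged"]) < cutoff]


def dc_outlived_tombstones(last_replication, lifetime_days, now=NOW):
    """True if a DC has been out of replication longer than the tombstone lifetime."""
    return now - last_replication > timedelta(days=lifetime_days)
```

With the constructed data, one tombstone is past a 180-day lifetime and two are past a 30-day lifetime; a server last replicated 49 days earlier is within the first lifetime but outside the second.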
