[Samba] DomainDnsZone Replication Shows 200,000 Objects

[lp101]

     Replication of the Deleted DNS Zones are still skewed on all DC's. 
Will give it some time and check again. I assume my internal DNS must be 
working 100% to have these entries deleted? I'm still getting this in my 
log.samba:

[2014/01/10 22:17:32.665570,  0] 
../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
   ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - 
NT_STATUS_IO_TIMEOUT

I really do not want to use bind but I may have to.

On 1/10/2014 8:33 PM, Achim Gottinger wrote:
> Am 11.01.2014 02:05, schrieb lp101:
>> Just an FYI. I reverted the tombstone back to 180 and replication 
>> sprang back to life. This was on the DC that held all the FSMO roles. 
>> While things are working again I'm still back to square one with all 
>> the deleted domain entries.
> Thank you for the status update. I have to add two more servers to one 
> domain whom will be connected via 1-2MBit SDSL lines, looking at the 
> time it took your server to replicate the dns database during join 
> makes me curious how long it will take on my side.
> You said your servers had different amounts of deleted records, is 
> that still the case after you got replication working? If not did they 
> diminish?
> My test setup was pretty simple two servers connected via an 2GBit VM 
> interface. So the changes i made to the tomstoneLifetime attribute 
> should have been replicated almost instantly.
> On an bigger setup it may be better to wait till the change got 
> replicated to all dc's. The purging of outdated deleted object should 
> also happen on a daily basis without an restart of the samba services. 
> I think the active directory docs mentioned somewhere that ad objects 
> do not get deleted if there are replication errors. I'd change the 
> attribute more modest to for example 160 days and wait till samba-tool 
> drs shorrepl shows an successfull replication after the modification.