[Samba] DomainDnsZone Replication Shows 200,000 Objects

Günter Kukkukk linux at kukkukk.com
Thu Jan 16 21:23:41 MST 2014

On 15.01.2014 06:15, Günter Kukkukk wrote:
> On 14.01.2014 03:56, Günter Kukkukk wrote:
>> On 13.01.2014 23:47, Achim Gottinger wrote:
>>> On 13.01.2014 18:39, lp101 wrote:
>>>>     It looks like 15,000 records have been deleted over a period of 8 hours. This was after changing the attribute to 30 days. Do you know how to
>>>> force replication for the Domain DNS Deleted Objects? Replicating the DomainDnsZones using samba-tool drs replicate doesn't appear to replicate these
>>>> objects.
>>>>     I've attempted to join a DC again over a 1.5Mbit Wan link using Samba 4.1.4 on Ubuntu 12.04. At this moment I'm over 19hrs in with 312355/385196
>>>> replicated. I joined using "--domain-critical-only" thinking it may exclude these items but I was wrong.
>>> Thank you for the update. Can it be you have a few sites which are not directly connected? This does slow down replication. Hope it works for you this
>>> time, but didn't it fail at ~350000 objects last time?
>> FYI - the samba ISC bind DLZ plugin takes a different approach.
>> When all child DNS entries are gone, it _leaves_ the directory storage as:
>> (samba-tool dns query .... output)
>> Name=mytest, Records=0, Children=0
>> So the record is _not_ deleted - more or less "left as an unused entry".
>> Those entries can be re-used later, but can also accumulate when not
>> being re-used.
>> As i've seen with a windows7 client during normal operation, it deletes
>> its A and AAAA records and then registers one/both again in some interval
>> of about 5 to 10 minutes! (Could be because i was running the MS MMC DNS plugin).
>> This behavior is atm handled fine with the DLZ driver - but is somewhat FATAL
>> for the internal DNS server: It creates LOTS of deleted dns entries!
>> So i've reverted the patch
>>      8b24c43b382740106474e26dec59e1419ba77306
>> which was deleting the whole dns entry.
>> After this revert the internal dns server behaves the same as the DLZ driver and
>> leaves those
>>    Name=mytest, Records=0, Children=0
>> records around - BUT THEN the current implementation is NOT able to add
>> new incoming records!
>> https://bugzilla.samba.org/show_bug.cgi?id=9559
>> Atm i did a very first simple patch to the internal dns, which allows
>> to add new entries in that
>>   Name=mytest, Records=0, Children=0
>> formerly failing state.
>> Now the internal dns _seems_ to behave similar to the DLZ driver, but
>> more investigation is needed because dns entries can be "static" or
>> "time stamped" ....
>> So i'm still looking at all related infos ....
>> Btw - has someone seen "strange" behavior in this area when the
>> DLZ driver is used?
>> Cheers, Günter
> Atm i'm trying to collect as much info as possible.
> Can someone comment on this article/patch ?
>    http://support.microsoft.com/kb/2548145/en-us
> Cheers, Günter

some additional notes.

When the samba DLZ dns driver is creating dyn. dns entries, a time stamp
is set on that record! This is the expected behavior for dynamic entries.

This is _NOT_ the case when the internal dns is used! :-(

Because the time stamp is zero, such a dns entry is treated as being "static"!

When following

"static" dns entries are _never_ used by scavenging (aging)!
(except when "dnscmd /ageallrecords ...." has been issued at some time)

See samba dns dlz vs internal differences here:

One can also use the MS "dnscmd" command against the internal dns entries:

C:\Users\administrator>dnscmd linux4771 /enumrecords intranet01.hom mytest /additional /detail
Zurückgegebene Datensätze:

        ptr          = 0000000000141BE0
        wLength      = 16
        wRecordCount = 1
        dwChildCount = 0
        dwFlags      = 00000000 Knotenname    = @

  A Datensatzinformationen:
        ptr           = 0000000000141BF0
        wType         = A (1)
        wDataLength   = 4
        dwFlags       = f0
        rank          = f0
        dwSerial      = 0000006E
        dwTtlSeconds = 3600
        dwTimeStamp   = 0 ([ 0: 0: 0] [ 1/ 1/1601]) A

Der Befehl wurde erfolgreich ausgeführt.

dwTimeStamp is zero ===> STATIC dns entry!

This adds some additional infos to all our former posts about scavenging ...

Will keep you informed.

Cheers, Günter
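
The static-versus-time-stamped distinction discussed in this message, as an added example that is not part of the original post or of Samba's code: it decodes the header of a directory-stored dnsRecord value and classifies the record the way aging would. Assumptions: the 24-byte header layout (little-endian fields, big-endian TTL, timestamp in hours since 1601-01-01) follows the published dnsRecord format, the 168-hour no-refresh and refresh intervals are illustrative defaults, and all function names and sample values are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEAD = struct.Struct("<HHBBHI")  # DataLength, Type, Version, Rank, Flags, Serial

def parse_dns_record(blob):
    """Decode one dnsRecord value (24-byte header followed by the RDATA)."""
    if len(blob) < 24:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    data_len, rtype, _version, rank, _flags, serial = HEAD.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)        # TTL is stored big-endian
    _reserved, timestamp = struct.unpack_from("<II", blob, 16)
    if len(blob) - 24 < data_len:
        raise ValueError("dnsRecord data is truncated")
    return {"type": rtype, "rank": rank, "serial": serial, "ttl": ttl,
            "timestamp": timestamp, "data": blob[24:24 + data_len]}

def classify(record, now, no_refresh_hours=168, refresh_hours=168):
    """Return 'static', 'fresh' or 'stale' the way aging would see the record."""
    hours = record["timestamp"]
    if hours == 0:
        return "static"                      # never considered by scavenging
    stamped = EPOCH_1601 + timedelta(hours=hours)
    limit = timedelta(hours=no_refresh_hours + refresh_hours)
    return "stale" if stamped + limit < now else "fresh"

def build_dns_record(rtype, data, serial, ttl, timestamp, rank=0xF0):
    """Helper for the constructed samples below (version byte fixed at 5)."""
    return (HEAD.pack(len(data), rtype, 5, rank, 0, serial)
            + struct.pack(">I", ttl) + struct.pack("<II", 0, timestamp) + data)

def hours_since_1601(moment):
    return (moment - EPOCH_1601) // timedelta(hours=1)

# Constructed samples: the first mirrors the header values in the dnscmd output
# above (A record, rank f0, serial 0x6E, TTL 3600, timestamp 0); the address
# 192.0.2.10 and the two time-stamped records are made up for illustration.
NOW = datetime(2014, 1, 16, 21, 0, tzinfo=timezone.utc)
ADDR = bytes([192, 0, 2, 10])
SAMPLES = {
    "internal-dns": build_dns_record(1, ADDR, 0x6E, 3600, 0),
    "dlz-recent": build_dns_record(1, ADDR, 0x6F, 3600, hours_since_1601(NOW - timedelta(days=1))),
    "dlz-old": build_dns_record(1, ADDR, 0x70, 3600, hours_since_1601(NOW - timedelta(days=30))),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(parse_dns_record(blob), NOW))
```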
