[Samba] DomainDnsZone Replication Shows 200,000 Objects

Günter Kukkukk linux at kukkukk.com
Thu Jan 16 22:41:08 MST 2014


On 17.01.2014 05:23, Günter Kukkukk wrote:
> On 15.01.2014 06:15, Günter Kukkukk wrote:
>> On 14.01.2014 03:56, Günter Kukkukk wrote:
>>> On 13.01.2014 23:47, Achim Gottinger wrote:
>>>> On 13.01.2014 18:39, lp101 wrote:
>>>>>     It looks like 15,000 records have been deleted over a period of 8 hours. This was after changing the attribute to 30 days. Do you know how to
>>>>> force replication for the Domain DNS Deleted Objects? Replicating the DomainDnsZones using samba-tool drs replicate doesn't appear to replicate these
>>>>> objects.
>>>>>     I've attempted to join a DC again over a 1.5Mbit Wan link using Samba 4.1.4 on Ubuntu 12.04. At this moment I'm over 19hrs in with 312355/385196
>>>>> replicated. I joined using "--domain-critical-only" thinking it may exclude these items but I was wrong.
>>>> Thank you for the update. Can it be you have a few sites which are not directly connected? This does slow down replication. Hope it works for you this
>>>> time, but didn't it fail at ~350000 objects last time?
>>>>
>>>>
>>>
>>> FYI - the samba ISC bind DLZ plugin takes a different approach.
>>> When all child DNS entries are gone, it _leaves_ the directory storage as:
>>> (samba-tool dns query .... output)
>>>
>>> Name=mytest, Records=0, Children=0
>>>
>>> So the record is _not_ deleted - more or less "left as an unused entry".
>>> Those entries can be re-used later, but can also accumulate when not
>>> being re-used.
>>>
>>> As I've seen with a windows7 client during normal operation, it deletes
>>> its A and AAAA records and then registers one/both again in some interval
>>> of about 5 to 10 minutes! (Could be because I was running the MS MMC DNS plugin).
>>>
>>> This behavior is atm handled fine with the DLZ driver - but is somewhat FATAL
>>> for the internal DNS server: It creates LOTS of deleted dns entries!
>>>
>>> So I've reverted the patch
>>>      8b24c43b382740106474e26dec59e1419ba77306
>>> which was deleting the whole dns entry.
>>>
>>> After this revert the internal dns server behaves the same as the DLZ driver and
>>> leaves those
>>>    Name=mytest, Records=0, Children=0
>>> records around - BUT THEN the current implementation is NOT able to add
>>> new incoming records!
>>> https://bugzilla.samba.org/show_bug.cgi?id=9559
>>>
>>> Atm I did a very first simple patch to the internal dns, which allows
>>> to add new entries in that
>>>   Name=mytest, Records=0, Children=0
>>> formerly failing state.
>>>
>>> Now the internal dns _seems_ to behave similar to the DLZ driver, but
>>> more investigation is needed because dns entries can be "static" or
>>> "time stamped" ....
>>>
>>> So I'm still looking at all related info ....
>>>
>>> Btw - has someone seen "strange" behavior in this area when the
>>> DLZ driver is used?
>>>
>>> Cheers, Günter
>>>
>>
>> Atm I'm trying to collect as much info as possible.
>>
>> Can someone comment on this article/patch ?
>>    http://support.microsoft.com/kb/2548145/en-us
>>
>> Cheers, Günter
>>
> 
> some additional notes.
> 
> When the samba DLZ dns driver is creating dyn. dns entries, a time stamp
> is set on that record! This is the expected behavior for dynamic entries.
> 
> This is _NOT_ the case when the internal dns is used! :-(
> 
> Because the time stamp is zero, such a dns entry is treated as being "static"!
> 
> When following
> http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
> 
> "static" dns entries are _never_ used by scavenging (aging)!
> (except when "dnscmd /ageallrecords ...." has been issued at some time)
> 
> See samba dns dlz vs internal differences here:
> http://picpaste.com/samba-dns-6UEpowtv.png
> --------------------
> 
> One can also use the MS "dnscmd" command against the internal dns entries:
> 
> C:\Users\administrator>dnscmd linux4771 /enumrecords intranet01.hom mytest /additional /detail
> Zurückgegebene Datensätze:
> RPC-Knoten:
> 
>         ptr          = 0000000000141BE0
>         wLength      = 16
>         wRecordCount = 1
>         dwChildCount = 0
>         dwFlags      = 00000000
>         Knotenname    = @
> 
>   A Datensatzinformationen:
>         ptr           = 0000000000141BF0
>         wType         = A (1)
>         wDataLength   = 4
>         dwFlags       = f0
>         rank          = f0
>         dwSerial      = 0000006E
>         dwTtlSeconds = 3600
>         dwTimeStamp   = 0 ([ 0: 0: 0] [ 1/ 1/1601])
>         A   192.168.200.202
> 
> Der Befehl wurde erfolgreich ausgeführt.
> ----------------------
> dwTimeStamp is zero ===> STATIC dns entry!
> 
> This adds some additional info to all our former posts about scavenging ...
> 
> Will keep you informed.
> 
> Cheers, Günter
> 

Internal samba DNS server:

The missing time stamp issue should be solved like this:

diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index 9edc40b..b2c2bd7 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -292,6 +292,7 @@ static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
        char *tmp;
        char *txt_record_txt;
        char *saveptr = NULL;
+       NTTIME t;

        if (rrec->rr_type == DNS_QTYPE_ALL) {
                return DNS_ERR(FORMAT_ERROR);
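
Review bot: the new local `NTTIME t;` is a one-letter name placed next to `tmp`, `txt_record_txt` and `saveptr`, which makes it easy to misread in a function that already has several similarly named temporaries. A descriptive name such as `now_nt` (hypothetical) would say that it holds a time value, and declaring it at the point of use would keep its scope limited to the timestamp computation.
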
@@ -305,6 +306,12 @@ static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
        /* TODO: Autogenerate this somehow */
        r->dwSerial = 110;

+       /* We need to set a time stamp on this record */
+       unix_to_nt_time (&t, time(NULL));
+       t /= 10*1000*1000; /* convert to seconds */
+       t /= 3600;         /* convert to hours */
+       r->dwTimeStamp = (uint32_t)t;

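Review bot: `r->dwTimeStamp = (uint32_t)t;` is assigned unconditionally right after `r->dwSerial = 110;`, so every record converted by dns_rr_to_dnsp() gets a non-zero time stamp and none can stay static in the sense used earlier in this thread (time stamp zero). If any caller converts records that are meant to remain static, the assignment needs a condition or a parameter. Separately, `t` is divided in place and so holds three different units in turn (NTTIME ticks, seconds, hours); computing the hour count into its own `uint32_t` and naming the constants `10*1000*1000` and `3600` would make it clear that dwTimeStamp is hours since 1601. The return value of `time(NULL)` is not checked. The hunk header declares 6 old and 12 new lines but fewer are shown, so the patch will not apply as posted.
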
With my other revert and (internal) patch to allow dyn. dns updates also in case of
Name=mytest, Records=0, Children=0

all seems to be working fine now! :-)

Cheers, Günter

Hmmm - working at least similar to the DLZ driver ...

-- 
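
Added example (not part of the original post and not Samba code): a Python example that reads the `wType` and `dwTimeStamp` fields from a `dnscmd ... /detail` listing like the one quoted above, treats a zero time stamp as static, and converts non-zero values from hours since 1601 to UTC. The sample text, the 336-hour staleness threshold and the assumption that `dwTimeStamp` is printed in decimal are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# dwTimeStamp counts whole hours since 1601-01-01 00:00 UTC; 0 marks a static record.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELD = re.compile(r"^\s*(wType|dwTimeStamp)\s*=\s*(\S+)", re.MULTILINE)

# Constructed sample (not real output): only the two fields the parser reads,
# laid out like the dnscmd /detail listing quoted in the thread.
SAMPLE = """\
        wType         = A (1)
        dwTimeStamp   = 0
        wType         = A (1)
        dwTimeStamp   = 3620669
        wType         = AAAA (28)
        dwTimeStamp   = 3620000
"""

def unix_to_dns_timestamp(unix_seconds):
    """Unix seconds -> whole hours since 1601, the unit stored in dwTimeStamp."""
    delta = datetime.fromtimestamp(unix_seconds, timezone.utc) - EPOCH_1601
    return delta.days * 24 + delta.seconds // 3600

def dns_timestamp_to_datetime(hours):
    """Hours since 1601 -> timezone-aware UTC datetime."""
    return EPOCH_1601 + timedelta(hours=hours)

def classify_records(detail_text, now_unix, max_age_hours):
    """Label each record 'static', 'fresh' or 'stale'.

    max_age_hours is a caller-chosen threshold (hypothetical parameter);
    dwTimeStamp is assumed to be printed in decimal.
    """
    now_hours = unix_to_dns_timestamp(now_unix)
    records, rtype = [], None
    for name, value in FIELD.findall(detail_text):
        if name == "wType":
            rtype = value          # remember the type until its time stamp follows
            continue
        stamp = int(value)
        if stamp == 0:
            status, refreshed = "static", None   # never considered by scavenging
        else:
            status = "stale" if now_hours - stamp > max_age_hours else "fresh"
            refreshed = dns_timestamp_to_datetime(stamp)
        records.append({"type": rtype, "stamp": stamp,
                        "status": status, "refreshed": refreshed})
    return records

if __name__ == "__main__":
    for rec in classify_records(SAMPLE, 1389937268, 336):
        print(rec)
```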


