[Samba] DomainDnsZone Replication Shows 200,000 Objects
Günter Kukkukk
linux at kukkukk.com
Thu Jan 16 22:41:08 MST 2014
On 17.01.2014 05:23, Günter Kukkukk wrote:
> On 15.01.2014 06:15, Günter Kukkukk wrote:
>> On 14.01.2014 03:56, Günter Kukkukk wrote:
>>> On 13.01.2014 23:47, Achim Gottinger wrote:
>>>> On 13.01.2014 18:39, lp101 wrote:
>>>>> It looks like 15,000 records have been deleted over a period of 8 hours. This was after changing the attribute to 30 days. Do you know how to
>>>>> force replication for the Domain DNS Deleted Objects? Replicating the DomainDnsZones using samba-tool drs replicate doesn't appear to replicate these
>>>>> objects.
>>>>> I've attempted to join a DC again over a 1.5Mbit Wan link using Samba 4.1.4 on Ubuntu 12.04. At this moment I'm over 19hrs in with 312355/385196
>>>>> replicated. I joined using "--domain-critical-only" thinking it may exclude these items but I was wrong.
>>>> Thank you for the update. Can it be you have a few sites which are not directly connected? This does slow down replication. Hope it works for you this
>>>> time, but didn't it fail at ~350000 objects last time?
>>>>
>>>>
>>>
>>> FYI - the samba ISC bind DLZ plugin takes a different approach.
>>> When all child DNS entries are gone, it _leaves_ the directory storage as:
>>> (samba-tool dns query .... output)
>>>
>>> Name=mytest, Records=0, Children=0
>>>
>>> So the record is _not_ deleted - more or less "left as an unused entry".
>>> Those entries can be re-used later, but can also accumulate when not
>>> being re-used.
>>>
>>> As i've seen with a windows7 client during normal operation, it deletes
>>> its A and AAAA records and then registers one/both again in some interval
>>> of about 5 to 10 minutes! (Could be because i was running the MS MMC DNS plugin).
>>>
>>> This behavior is atm handled fine with the DLZ driver - but is somewhat FATAL
>>> for the internal DNS server: It creates LOTS of deleted dns entries!
>>>
>>> So i've reverted the patch
>>> 8b24c43b382740106474e26dec59e1419ba77306
>>> which was deleting the whole dns entry.
>>>
>>> After this revert the internal dns server behaves the same as the DLZ driver and
>>> leaves those
>>> Name=mytest, Records=0, Children=0
>>> records around - BUT THEN the current implementation is NOT able to add
>>> new incoming records!
>>> https://bugzilla.samba.org/show_bug.cgi?id=9559
>>>
>>> Atm i did a very first simple patch to the internal dns, which allows
>>> to add new entries in that
>>> Name=mytest, Records=0, Children=0
>>> formerly failing state.
>>>
>>> Now the internal dns _seems_ to behave similar to the DLZ driver, but
>>> more investigation is needed because dns entries can be "static" or
>>> "time stamped" ....
>>>
>>> So i'm still looking at all related infos ....
>>>
>>> Btw - has someone seen "strange" behavior in this area when the
>>> DLZ driver is used?
>>>
>>> Cheers, Günter
>>>
>>
>> Atm i'm trying to collect as much info as possible.
>>
>> Can someone comment on this article/patch ?
>> http://support.microsoft.com/kb/2548145/en-us
>>
>> Cheers, Günter
>>
>
> some additional notes.
>
> When the samba DLZ dns driver is creating dyn. dns entries, a time stamp
> is set on that record! This is the expected behavior for dynamic entries.
>
> This is _NOT_ the case when the internal dns is used! :-(
>
> Because the time stamp is zero, such a dns entry is treated as being "static"!
>
> When following
> http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
>
> "static" dns entries are _never_ used by scavenging (aging)!
> (besides when "dnscmd /ageallrecords ...." has been issued at some time)
>
> See samba dns dlz vs internal differences here:
> http://picpaste.com/samba-dns-6UEpowtv.png
> --------------------
>
> One can also use the MS "dnscmd" command against the internal dns entries:
>
> C:\Users\administrator>dnscmd linux4771 /enumrecords intranet01.hom mytest /additional /detail
> Zurückgegebene Datensätze:
> RPC-Knoten:
>
> ptr = 0000000000141BE0
> wLength = 16
> wRecordCount = 1
> dwChildCount = 0
> dwFlags = 00000000 Knotenname = @
>
> A Datensatzinformationen:
> ptr = 0000000000141BF0
> wType = A (1)
> wDataLength = 4
> dwFlags = f0
> rank = f0
> dwSerial = 0000006E
> dwTtlSeconds = 3600
> dwTimeStamp = 0 ([ 0: 0: 0] [ 1/ 1/1601]) A 192.168.200.202
>
> Der Befehl wurde erfolgreich ausgeführt.
> ----------------------
> dwTimeStamp is zero ===> STATIC dns entry!
>
> This adds some additional infos to all our former posts about scavenging ...
>
> Will keep you informed.
>
> Cheers, Günter
>
Internal samba DNS server:
The missing time stamp issue should be solved like this:
diff --git a/source4/dns_server/dns_update.c b/source4/dns_server/dns_update.c
index 9edc40b..b2c2bd7 100644
--- a/source4/dns_server/dns_update.c
+++ b/source4/dns_server/dns_update.c
@@ -292,6 +292,7 @@ static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
char *tmp;
char *txt_record_txt;
char *saveptr = NULL;
+ NTTIME t;
if (rrec->rr_type == DNS_QTYPE_ALL) {
return DNS_ERR(FORMAT_ERROR);
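Review bot: the new declaration "NTTIME t;" uses a single-letter name for a variable that goes on to hold three different units (100ns NTTIME, then seconds, then hours) before it is narrowed into dwTimeStamp. A uint32_t named for what it finally holds (hours since 1601), declared next to the assignment, would make the unit changes and the narrowing cast easier to audit.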
@@ -305,6 +306,12 @@ static WERROR dns_rr_to_dnsp(TALLOC_CTX *mem_ctx,
/* TODO: Autogenerate this somehow */
r->dwSerial = 110;
+ /* We need to set a time stamp on this record */
+ unix_to_nt_time (&t, time(NULL));
+ t /= 10*1000*1000; /* convert to seconds */
+ t /= 3600; /* convert to hours */
+ r->dwTimeStamp = (uint32_t)t;
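Review bot: the block added after "r->dwSerial = 110;" stamps every record that passes through dns_rr_to_dnsp unconditionally, and since a zero dwTimeStamp is what marks a record as static, it is worth confirming that no caller relies on this path for records that must stay static, or making the stamp conditional. The comment should also state the unit (hours since 1/1/1601, as the dnscmd output earlier in the thread shows) instead of just "a time stamp", and "unix_to_nt_time (&t, ...)" has a stray space before the parenthesis.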
With my other revert and (internal) patch to allow dyn. dns updates also in case of
Name=mytest, Records=0, Children=0
all seems to be working fine now! :-)
Cheers, Günter
Hmmm - working at least similar to the DLZ driver ...
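
The timestamp convention discussed in this thread (dwTimeStamp in hours since 1/1/1601, zero meaning a static record that scavenging never touches), as an added example that is not part of the original mail or of Samba's code. The function names and the no-refresh/refresh intervals passed in are assumptions for illustration, and the sample stamps are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Seconds between 1601-01-01 (NT epoch) and 1970-01-01 (Unix epoch). */
#define NT_EPOCH_OFFSET_SECS 11644473600LL

typedef enum { REC_STATIC, REC_FRESH, REC_STALE } rec_state;

/* Unix time -> hours since 1601-01-01 UTC, the unit stored in dwTimeStamp. */
uint32_t dns_timestamp_from_unix(time_t now)
{
    return (uint32_t)(((int64_t)now + NT_EPOCH_OFFSET_SECS) / 3600);
}

/* Start of the stamped hour as Unix time; only meaningful for non-zero stamps. */
time_t dns_timestamp_to_unix(uint32_t stamp)
{
    return (time_t)((int64_t)stamp * 3600 - NT_EPOCH_OFFSET_SECS);
}

/* Zero stamp = static, never aged. Otherwise the record is stale once
 * no_refresh_h + refresh_h hours (assumed zone aging settings) have passed. */
rec_state dns_record_state(uint32_t stamp, time_t now,
                           uint32_t no_refresh_h, uint32_t refresh_h)
{
    if (stamp == 0)
        return REC_STATIC;
    uint64_t expiry = (uint64_t)stamp + no_refresh_h + refresh_h;
    return dns_timestamp_from_unix(now) > expiry ? REC_STALE : REC_FRESH;
}

int main(void)
{
    /* Constructed sample data: 2014-01-17 05:00:00 UTC and three stamps. */
    const time_t now = 1389934800;
    const uint32_t stamps[] = { 0, 3620669, 3620669 - 400 };
    const char *names[] = { "static", "fresh", "stale" };

    for (size_t i = 0; i < sizeof(stamps) / sizeof(stamps[0]); i++) {
        rec_state s = dns_record_state(stamps[i], now, 168, 168);
        printf("dwTimeStamp=%u -> %s\n", (unsigned)stamps[i], names[s]);
    }
    return 0;
}
```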