[Samba] Cleaning up old DC DNS records
abartlet at samba.org
Wed Sep 6 09:42:44 UTC 2017
On Tue, 2017-09-05 at 18:39 -0400, Patrick Lepore via samba wrote:
> Hi, I demoted a running domain controller by running the samba-tool demote
> command on the running system to be demoted and there's still some DNS
> entries for the old one kicking around. It's still listed under _msdcs and
> also _kerberos._udp and _ldap._tcp.
> Should I manually remove them?
> If so, is there a list of spots to look in
> for DNS entries of old DCs?
The remove-other-dead-server option looks for records pointing at the
AD record of the demoted DC.
> Also, does the fact that these entries weren't removed indicate I had
> something misconfigured on the to-be-removed system or I screwed up the
> demotion procedures?
If you used the --remove-other-dead-server option, it would have
removed them. The online removal isn't as complete.
I've scoped out the work (on behalf of a client) to make the dynamic
records expire, to have a cleanup and to make the online cleanup more
thorough, but for now that is how it is.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba