[Samba] samba AD - bind - deleted DNS entries are not removed completely

Rowland Penny rpenny at samba.org
Wed Nov 21 19:27:40 UTC 2018


On Wed, 21 Nov 2018 19:39:53 +0100
Kacper Wirski via samba <samba at lists.samba.org> wrote:

> To answer my own question:
> 
> Yes, it seems like a feature.

Yes, it is a feature, an AD feature ;-)

> 
> I ran basic ldbsearch query:
> 
> ldbsearch -H /usr/local/samba/private/sam.ldb -b 
> "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output entries with:
> 
> dNSTombstoned: TRUE
> 
> Overall there are a couple hundred such entries. So now my 
> question is:
> 
> How can I safely remove them, any tips/guidelines? I thought that
> doing tombstone expunge would get rid of them - but apparently not.
> 

Have a look here:

https://blogs.technet.microsoft.com/isrpfeplat/2010/09/23/dns-scavenging-internals-or-what-is-the-dnstombstoned-attribute-for-ad-integrated-zones/

It seems that the DC is supposed to scavenge the stale dns records
after a certain period, usually 7 days, but it looks like Samba doesn't
have the code, unless someone knows different.

Rowland
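As an added example (not part of this thread, and not Samba's own scavenging code), the script below does by hand what the tombstone cleanup described in the linked article does: it selects DNS records under DomainDnsZones that carry dNSTombstoned: TRUE and were last changed before a cutoff (7 days ago by default), and deletes them with ldbdelete. It assumes the sam.ldb path and zone base DN quoted above, that ldbsearch/ldbdelete are on PATH, and GNU date for the date arithmetic; whenChanged is used as a proxy for the tombstone time, since the actual timestamp lives inside the binary dnsRecord value.

```shell
#!/bin/sh
# Added example for this thread, not code from Samba or from either poster.
# Lists (and optionally deletes) DNS records under DomainDnsZones that carry
# dNSTombstoned: TRUE and were last changed before a cutoff, which is what the
# Windows DNS server's tombstone cleanup does after its 7-day interval.
#
# Assumptions (adjust for your site): the sam.ldb path and zone base DN below,
# ldbsearch/ldbdelete on PATH, and GNU date for the "N days ago" arithmetic.
SAM_DB="${SAM_DB:-/usr/local/samba/private/sam.ldb}"
BASE_DN="${BASE_DN:-DC=DomainDnsZones,DC=mydomain,DC=com}"
TOMBSTONE_DAYS="${TOMBSTONE_DAYS:-7}"

# ldbsearch writes LDIF, which folds long values onto continuation lines that
# start with a single space; DNS record DNs are long enough to be folded, so
# join them back before parsing.
unfold_ldif() {
  awk '
    /^ /  { line = line substr($0, 2); next }
    { if (started) print line; line = $0; started = 1 }
    END   { if (started) print line }
  '
}

# Read unfolded LDIF on stdin and print the DN of every entry that is
# dNSTombstoned: TRUE and whose whenChanged is <= the cutoff (generalized time,
# e.g. 20181114000000.0Z; an empty cutoff selects every tombstoned entry).
# The decision is made at the end of each entry because attribute order in
# LDIF is not fixed. Entries with a base64 DN ("dn::") are skipped.
select_tombstoned() {
  awk -v cutoff="$1" '
    function flush() {
      if (dn != "" && ts == "TRUE" && (cutoff == "" || (when != "" && when <= cutoff)))
        print dn
      dn = ""; ts = ""; when = ""
    }
    /^dn: /            { dn = substr($0, 5) }
    /^dNSTombstoned: / { ts = substr($0, 16) }
    /^whenChanged: /   { when = substr($0, 14) }
    /^$/               { flush() }
    END                { flush() }
  '
}

# Generalized-time cutoff TOMBSTONE_DAYS ago (GNU date syntax, assumed).
tombstone_cutoff() {
  date -u -d "$TOMBSTONE_DAYS days ago" +%Y%m%d%H%M%S.0Z
}

# DNs of tombstoned records older than the cutoff, straight from sam.ldb.
list_tombstoned() {
  ldbsearch -H "$SAM_DB" -b "$BASE_DN" "(dNSTombstoned=TRUE)" whenChanged dNSTombstoned \
    | unfold_ldif | select_tombstoned "$1"
}

# Delete them one by one. Anything but "--delete" as $2 is a dry run.
delete_tombstoned() {
  list_tombstoned "$1" | while IFS= read -r dn; do
    if [ "$2" = "--delete" ]; then
      ldbdelete -H "$SAM_DB" "$dn"
    else
      printf 'would delete: %s\n' "$dn"
    fi
  done
}

case "${1-}" in
  --dry-run) delete_tombstoned "$(tombstone_cutoff)" ;;
  --delete)  delete_tombstoned "$(tombstone_cutoff)" --delete ;;
esac
```

Run it as root on one DC with --dry-run first and read the list; the deletions are ordinary AD object deletions, so they replicate to the other DCs and cannot be undone without a backup of the private directory. Records tombstoned less than TOMBSTONE_DAYS ago are left alone on purpose, for the same reason the Windows scavenger waits: a client may still re-register the name and revive the record.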
