[Samba] samba AD - bind - deleted DNS entries are not removed completely
Kacper Wirski
kacper.wirski at gmail.com
Wed Nov 21 19:48:34 UTC 2018
So in my case - is it safe to delete directly using ldbdel or using
windows ADSI gui ldap editor? Or is there another way? What is the right
way to do it?
something like:
ldbdel -H /usr/local/samba/private/sam.ldb
-b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ?
I read in samba 4.9 new features release notes about scavenging but I'm
not sure if it's the same thing as in the posted link and anyway - this
feature only supposedly works only in new zones.
W dniu 21.11.2018 o 20:27, Rowland Penny via samba pisze:
> On Wed, 21 Nov 2018 19:39:53 +0100
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> To answer my own question:
>>
>> Yes, it's seems like a feature.
> Yes, it is a feature, an AD feature ;-)
>
>> I ran basic ldbsearch query:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb -b
>> "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in output entries with:
>>
>> dNSTombstoned: TRUE
>>
>> Overall there are a couple hundred entries with as such. So now my
>> question is:
>>
>> How can I safely remove them, any tips/guideliness? I thought that
>> doing tombstone expunge would get rid of them - but apparently not.
>>
> Have a look here:
>
> https://blogs.technet.microsoft.com/isrpfeplat/2010/09/23/dns-scavenging-internals-or-what-is-the-dnstombstoned-attribute-for-ad-integrated-zones/
>
> It seems that the DC is supposed to scavenge the stale dns records
> after a certain period, usually 7 days, but it looks like Samba doesn't
> have the code, unless someone knows different.
>
> Rowland
>
More information about the samba
mailing list