abartlet at samba.org
Wed Mar 18 21:26:25 UTC 2020
On Wed, 2020-03-18 at 20:48 +0100, Christian Naumer via samba wrote:
> Hello you all,
> with the new samba version out that fixes some problems with dns
> scavenging I have decided to try this feature.
> I was specifically interested for our reverse zone (PTR records)
> We have one zone for VPN clients 8.0.10.in-addr.arpa. I activated the
> feature in the smb.conf as well as in the Windows DNS manager.
> Entries are deleted (not visible in DNS manager) after a while.
> You can still see them in ADSI-Edit. Those that are invisible have
> "dNSTombstoned: TRUE" set the others have either FALSE or the
> is not there at all.
> My problem is this if an entry was deleted and has "dNSTombstoned:
> it still has the same owner and therefore a new computer that got the
> same IP from our VPN gateway can not set this entry to point to
> Shouldn't the code that deletes (or marks as deleted/tombstoned)
> the owner? or is this by design?
Honestly, I'm not sure. The whole dNSTombstoned thing is designed to
avoid churn of actual deleted records, which would pile up for 6 months
and overwhelm replication. But it means they remain real records with
a real owner, and the normal ACL rules apply.
This makes sense for forward records, but less sense for reverse
records if the IP allocated isn't mostly constant.
> Also "samba-tool domain tombstones expunge --tombstone-lifetime=0"
> not delete the records with "dNSTombstoned: TRUE". Is this a
That would be a different tombstone, yes.
> Until now what I do is delete the entries manually in ADSI. This
> as expected.
> Any hint how to get this working?
I'm not sure right now.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source