samba - Dec 2021 - DNS PTR update fails if IP is reused by another client

On Sat, 2021-12-11 at 13:36 +0000, Rowland Penny via samba
wrote:
> 
> There is something going very wrong here. When you delete a dns
> object
> 
> in AD, it isn't really deleted. It has a few attributes removed and
> is
> 
> renamed and then moved to 'CN=Deleted
> 
> Objects,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
> 
> 
> 
> This means that the reverse record shouldn't be there when Windows
> 
> tries to create/alter the record.
DNS has two levels of tombstones, because clients so often do a
delete/add cycle it would quickly fill the DB (this used to happen,
long ago I was helping out a school with 100,000 DNS tombstones).

So objects become DNS 'deleted' but still owned (for SD purposes) by
the original name, then those get scavenged and become properly deleted
(so no squatting on that name).

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

I was looking for a way to use samba-tool to list all the PTR records 
associated with the domain, but couldn't find anything.  What's the best
way to do this?

On 12/12/21 10:58, Andrew Bartlett via samba wrote:
> On Sat, 2021-12-11 at 13:36 +0000, Rowland Penny via samba wrote:
>>
>> There is something going very wrong here. When you delete a dns
>> object
>>
>> in AD, it isn't really deleted. It has a few attributes removed and
>> is
>>
>> renamed and then moved to 'CN=Deleted
>>
>> Objects,DC=DomainDnsZones,DC=samdom,DC=example,DC=com'
>>
>>
>>
>> This means that the reverse record shouldn't be there when Windows
>>
>> tries to create/alter the record.
> 
> DNS has two levels of tombstones, because clients so often do a
> delete/add cycle it would quickly fill the DB (this used to happen,
> long ago I was helping out a school with 100,000 DNS tombstones).
> 
> So objects become DNS 'deleted' but still owned (for SD purposes)
by
> the original name, then those get scavenged and become properly deleted
> (so no squatting on that name).
> 
> Andrew Bartlett
>

On Sun, 12 Dec 2021, 16:59 Andrew Bartlett via samba, <samba at
lists.samba.org>
wrote:
> DNS has two levels of tombstones, because clients so often do a
> delete/add cycle it would quickly fill the DB (this used to happen,
> long ago I was helping out a school with 100,000 DNS tombstones).
>
> So objects become DNS 'deleted' but still owned (for SD purposes)
by
> the original name, then those get scavenged and become properly deleted
> (so no squatting on that name).
>
> Andrew Bartlett
So how do I allow the record to be created?   I am still getting these
error messages.   How long is it before the records get scavenged
automatically?

Thanks,
Roy

Do read this also Roy, 
https://wiki.samba.org/index.php/Samba_Features_added/changed#Marking_old_records_as_static_or_dynamic_with_.27samba-tool.27

 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roy 
> Eastwood via samba
> Verzonden: woensdag 15 december 2021 22:41
> Aan: Andrew Bartlett; samba at lists.samba.org
> Onderwerp: Re: [Samba] DNS PTR update fails if IP is reused 
> by another client
> 
> On Sun, 12 Dec 2021, 16:59 Andrew Bartlett via samba, 
> <samba at lists.samba.org>
> wrote:
> > DNS has two levels of tombstones, because clients so often do a
> > delete/add cycle it would quickly fill the DB (this used to happen,
> > long ago I was helping out a school with 100,000 DNS tombstones).
> >
> > So objects become DNS 'deleted' but still owned (for SD
purposes) by
> > the original name, then those get scavenged and become 
> properly deleted
> > (so no squatting on that name).
> >
> > Andrew Bartlett
> 
> So how do I allow the record to be created?   I am still getting these
> error messages.   How long is it before the records get scavenged
> automatically?
> 
> Thanks,
> Roy
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>