Kacper Wirski
2018-Nov-21 19:48 UTC
[Samba] samba AD - bind - deleted DNS entries are not removed completely
So in my case, is it safe to delete directly using ldbdel or using the Windows ADSI GUI LDAP editor? Or is there another way? What is the right way to do it?

something like:

ldbdel -H /usr/local/samba/private/sam.ldb -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ?

I read in the Samba 4.9 new features release notes about scavenging, but I'm not sure if it's the same thing as in the posted link, and anyway, this feature supposedly only works in new zones.

On 21.11.2018 at 20:27, Rowland Penny via samba wrote:
> On Wed, 21 Nov 2018 19:39:53 +0100
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> To answer my own question:
>>
>> Yes, it seems like a feature.
> Yes, it is a feature, an AD feature ;-)
>
>> I ran a basic ldbsearch query:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb -b
>> "DC=DomainDnsZones,DC=mydomain,DC=com" and saw in the output entries with:
>>
>> dNSTombstoned: TRUE
>>
>> Overall there are a couple hundred such entries. So now my
>> question is:
>>
>> How can I safely remove them, any tips/guidelines? I thought that
>> doing a tombstone expunge would get rid of them, but apparently not.
>>
> Have a look here:
>
> https://blogs.technet.microsoft.com/isrpfeplat/2010/09/23/dns-scavenging-internals-or-what-is-the-dnstombstoned-attribute-for-ad-integrated-zones/
>
> It seems that the DC is supposed to scavenge the stale DNS records
> after a certain period, usually 7 days, but it looks like Samba doesn't
> have the code, unless someone knows different.
>
> Rowland
Rowland Penny
2018-Nov-21 20:09 UTC
[Samba] samba AD - bind - deleted DNS entries are not removed completely
On Wed, 21 Nov 2018 20:48:34 +0100
Kacper Wirski via samba <samba at lists.samba.org> wrote:

> So in my case, is it safe to delete directly using ldbdel or using
> the Windows ADSI GUI LDAP editor? Or is there another way? What is the
> right way to do it?
>
> something like:
>
> ldbdel -H /usr/local/samba/private/sam.ldb
> -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ?

Close, the syntax is:

ldbdel -H /path/to/sam.ldb The_Full_DN_To_Delete

You may or may not need to authenticate.

> I read in the Samba 4.9 new features release notes about scavenging but
> I'm not sure if it's the same thing as in the posted link and anyway
> this feature supposedly only works in new zones.

Yes that's it

Rowland
Kacper Wirski
2018-Nov-21 20:35 UTC
[Samba] samba AD - bind - deleted DNS entries are not removed completely
On 21.11.2018 at 21:09, Rowland Penny via samba wrote:
> On Wed, 21 Nov 2018 20:48:34 +0100
> Kacper Wirski via samba <samba at lists.samba.org> wrote:
>
>> So in my case, is it safe to delete directly using ldbdel or using
>> the Windows ADSI GUI LDAP editor? Or is there another way? What is the
>> right way to do it?
>>
>> something like:
>>
>> ldbdel -H /usr/local/samba/private/sam.ldb
>> -b"DC=DomainDnsZones,DC=mydomain,DC=com '(dNSTombstoned: TRUE)' ?
> Close, the syntax is:
>
> ldbdel -H /path/to/sam.ldb The_Full_DN_To_Delete

Thank you. I'm wondering though, isn't there a more efficient way, like "in bulk", based on any of the common attributes?

> You may or may not need to authenticate.
>
>> I read in the Samba 4.9 new features release notes about scavenging but
>> I'm not sure if it's the same thing as in the posted link and anyway
>> this feature supposedly only works in new zones.
> Yes that's it
>
> Rowland
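The two commands in this thread fit together into the bulk approach Kacper is asking about: ldbsearch already accepts an LDAP filter (written with `=`, so `(dNSTombstoned=TRUE)`, not the LDIF-style `dNSTombstoned: TRUE`), and ldbdel takes one full DN per call, so feeding the DNs found by the search into ldbdel one at a time removes every tombstoned record under the zone base. The script below is an added example written for this thread, not code from the list posts or from the Samba project. It assumes the database path and the DomainDnsZones base DN quoted above, a `DRY_RUN` variable of my own that defaults to only listing what would be deleted, and a short constructed ldbsearch output embedded as `SAMPLE_LDIF` so the DN extraction can be exercised without a DC. The extraction unfolds LDIF continuation lines (a leading space joins a line to the previous one), which matters because DNS node DNs are long enough to be folded.

```shell
#!/bin/sh
# Bulk removal of dNSTombstoned DNS node objects from a Samba AD sam.ldb.
# Added example for this thread; paths, base DN and DRY_RUN are assumptions.

# Read LDIF on stdin, unfold continuation lines, print the value of each
# "dn:" line.  Base64 "dn::" lines (non-ASCII DNs) are deliberately skipped.
extract_tombstoned_dns() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }   # continuation: append to previous line
              { if (buf != "") emit(buf); buf = $0 }
        END   { if (buf != "") emit(buf) }
        function emit(line) { if (line ~ /^dn: /) print substr(line, 5) }
    '
}

# Search the zone base for tombstoned nodes and delete them one DN at a time.
# DRY_RUN=1 (the default) only prints the DNs; DRY_RUN=0 really runs ldbdel.
# Take a copy of sam.ldb before running with DRY_RUN=0.
purge_tombstoned() {
    base="$1"
    db="${2:-/usr/local/samba/private/sam.ldb}"
    ldbsearch -H "$db" -b "$base" '(dNSTombstoned=TRUE)' dn |
        extract_tombstoned_dns |
        while IFS= read -r dn; do
            if [ "${DRY_RUN:-1}" = 1 ]; then
                printf 'would delete: %s\n' "$dn"
            else
                ldbdel -H "$db" "$dn"
            fi
        done
}

# Constructed sample of what "ldbsearch ... '(dNSTombstoned=TRUE)' dn" prints;
# the second DN is folded across two lines as ldb's LDIF writer does.
SAMPLE_LDIF=$(cat <<'EOF'
# record 1
dn: DC=oldhost,DC=mydomain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=com

# record 2
dn: DC=a-very-long-hostname-that-gets-folded,DC=mydomain.com,CN=MicrosoftDNS,
 DC=DomainDnsZones,DC=mydomain,DC=com

# returned 2 records
EOF
)

# Offline demonstration of the DN extraction on the constructed sample.
printf '%s\n' "$SAMPLE_LDIF" | extract_tombstoned_dns
```

Usage on a DC would be `DRY_RUN=1 purge_tombstoned "DC=DomainDnsZones,DC=mydomain,DC=com"` first, to review the list, then the same call with `DRY_RUN=0`. Whether ldbdel needs credentials depends on how the database is opened, as Rowland notes.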