MI
2023-Aug-27 12:31 UTC
[Samba] Huge DNS files for small Samba AD domain. How to cleanup?
We have a small Samba AD server with around 20 users and 70 machines (including phones, printers, etc.). When using |dig -t AXFR| to list the entire domain, there are 60 records (SOA, NS, A, and SRV records).

But the |DC=DOMAINDNSZONES...| .ldb files under |/var/lib/samba/private/sam.ldb.d/| and |/var/lib/samba/bind-dns/dns/sam.ldb.d/| are *over 600 MB* and keep growing. And |samba-tool dbcheck --cross-ncs| shows "Checking 123859 objects"! It only lists a few as "expired tombstone". Running "samba-tool domain tombstones expunge" says it removed 51 objects, so that doesn't fix it.

How can I clean up these |DC=DOMAINDNSZONES...| .ldb files? And/or what might be wrong in our setup to cause these files to grow indefinitely?

The server runs Debian 11.7 with Samba 4.13.13.

(I also posted more details in this question on Stackexchange: https://serverfault.com/questions/1137639 several weeks ago, but there has been no reply so far.)

Thanks for any help