On 3/7/2025 11:57 AM, Rowland Penny via samba wrote:> On Thu, 6 Mar 2025 22:24:47 +0100
> Norbert Hanke via samba <samba at lists.samba.org> wrote:
>
>> Hi all,
>>
>> Since quite some time I see error messages like this in sysslog, on
>> all my Samba Domain Controllers:
>>
>> Mar? 6 12:40:41 dc1 daemon.err samba[448205]: [2025/03/06
>> 12:40:41.899326,? 0]
>> source4/dsdb/kcc/scavenge_dns_records.c:470(dns_delete_tombstones)
>> Mar? 6 12:40:41 dc1 daemon.err samba[448205]: dns_delete_tombstones:
>> The tombstoned dns node
>>
DC=E7450,DC=ad.mydomain.tld,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ad,DC=mydomain,DC=tld
>> has 611 dns records, expected one.
>>
>> How can I get rid of these 610 extra tombstones?
>>
> Provided that the tombstoned records are in the form
> '......0ADEL.......', then you can use samba-tool on a DC:
>
> sudo samba-tool domain tombstones expunge --tombstone-lifetime=0
>
> Usually warnings apply, make sure you have a good backup first.
>
> Rowland
I already do that every day as part of housekeeping, and it seems to
have no effect:
# samba-tool domain tombstones expunge --tombstone-lifetime=0
--use-kerberos=required
Removed 0 objects and 0 links successfully
Norbert