Hi,
It is more prevention in the generation phase. It does block
re-registering the address. The main culprit is the samba_dnsupdate command
that is run periodically by the AD DC following the instructions set in
dns_update_list, which in a default install on Ubuntu is in
/var/lib/samba/private (root access only).
SH
On 14/07/2025 14.42, Luis Peromarta via samba wrote:
> http://samba.bigbird.es/doku.php?id=samba:fsmo-roles
>
> I use the script at the end for sanity checks and delete all others. Maybe
> it works for you and it deletes 14999 records.
> On 14 Jul 2025 at 12:31 +0100, Sami Hulkko via samba <samba at
> lists.samba.org>, wrote:
>> Hi,
>>
>> At least in tcp6 the auto-dns-update seems to duplicate the IPv6 address to
>> Samba. What I have done is:
>>
>> ....
>>
>>         bind interfaces only = yes
>>         interfaces = lo 192.168.1.0/24
>>
>> ....
>>
>> Binding into one address only. Might help.
>>
>> SH
>>
>> On 14/07/2025 12.52, Nicolas Martinussen via samba wrote:
>>> Hello,
>>>
>>> I have a strange issue with my _msdcs zone. The PDC record
>>> (_ldap._tcp.pdc._msdcs) is duplicated 15.000 times... I've discovered it
>>> because the DNS that does the transfer of that zone complained about too many
>>> records. After checking, I in fact got a lot of records:
>>> ~# dig @192.168.XX.XX _msdcs.MYDOMAIN AXFR | sort | uniq -c | sort -nr
>>> 15120 _ldap._tcp.pdc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-01.MYDOMAIN.
>>>
>>> For the other records, I get only one instance for each, so
>>> it's just the PDC record.
>>>
>>> Here is my smb.conf
>>> [global]
>>> netbios name = DC-01
>>> realm = MYDOMAIN
>>> server role = active directory domain controller
>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>> winbindd, ntp_signd, kcc, dnsupdate
>>> workgroup = MYDOMAIN
>>> idmap_ldb:use rfc2307 = yes
>>> dns zone transfer clients allow = 192.168.102.102 192.168.102.103
>>> 192.168.102.98 192.168.102.99 192.168.103.138 192.168.103.139
>>> dns zone scavenging = yes
>>>
>>> # WINS
>>> wins support = yes
>>> dns proxy = yes
>>> # WINS
>>>
>>> # TLS
>>> tls enabled = yes
>>> tls keyfile = tls/dc-01.2023.key
>>> tls certfile = tls/dc-01.2023.crt
>>> tls cafile = tls/CA/joskin_AD_CA.2023.crt
>>> # TLS
>>>
>>> [sysvol]
>>> path = /data/sysvol
>>> read only = No
>>>
>>> [netlogon]
>>> path = /data/sysvol/MYDOMAIN/scripts
>>> read only = No
>>>
>>> And here is my named.conf
>>> options {
>>> listen-on port 53 { 127.0.0.1; 192.168.XX.XX; };
>>> directory "/var/named";
>>> dump-file "/var/named/data/cache_dump.db";
>>> statistics-file "/var/named/data/named_stats.txt";
>>> memstatistics-file "/var/named/data/named_mem_stats.txt";
>>> secroots-file "/var/named/data/named.secroots";
>>> recursing-file "/var/named/data/named.recursing";
>>>
>>> allow-query { 192.168.0.0/16; };
>>> auth-nxdomain yes;
>>> notify no;
>>> empty-zones-enable no;
>>> recursion yes;
>>> allow-transfer { 192.168.YY.YY; };
>>> tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
>>> minimal-responses yes;
>>>
>>> forwarders { 192.168.YY.YY; };
>>>
>>> managed-keys-directory "/var/named/dynamic";
>>>
>>> pid-file "/run/named/named.pid";
>>> session-keyfile "/run/named/session.key";
>>> };
>>>
>>> logging {
>>> channel default_debug {
>>> file "data/named.run";
>>> severity dynamic;
>>> };
>>> };
>>>
>>> include "/usr/local/samba/bind-dns/named.conf";
>>>
>>> I have absolutely no idea what can cause that and how to resolve
>>> that. Is there somebody who could maybe help me?
>>>
>>> Thanks in advance,
>>> Nicolas Martinussen
--
Sami Hulkko
+358 45 8569 319
sahulkko at gmail.com
sahulkko at icloud.com
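The `dig AXFR | sort | uniq -c` pipeline quoted above counts raw lines, so it also flags the SOA that dig prints at both ends of a transfer and cannot tell an exactly duplicated record (the _ldap._tcp.pdc._msdcs symptom) from a record that legitimately has several different targets. The script below is an added example, not from anyone on this thread; it assumes dig-style zone output (name TTL class type rdata, one record per line) and works on a constructed sample, so it can be run against a saved AXFR file before cleaning records up.

```python
from collections import Counter

# Constructed sample resembling `dig @dc _msdcs.MYDOMAIN AXFR` output:
# the PDC SRV record is repeated, the dc SRV has two distinct targets,
# and the SOA appears twice as dig always prints it.
SAMPLE_AXFR = """\
; <<>> DiG 9.16 <<>> @192.168.0.1 _msdcs.MYDOMAIN AXFR
_msdcs.MYDOMAIN. 3600 IN SOA dc-01.MYDOMAIN. hostmaster.MYDOMAIN. 42 900 600 86400 3600
_ldap._tcp.pdc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-01.MYDOMAIN.
_ldap._tcp.pdc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-01.MYDOMAIN.
_ldap._tcp.pdc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-01.MYDOMAIN.
_ldap._tcp.dc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-01.MYDOMAIN.
_ldap._tcp.dc._msdcs.MYDOMAIN. 900 IN SRV 0 100 389 dc-02.MYDOMAIN.
_msdcs.MYDOMAIN. 3600 IN SOA dc-01.MYDOMAIN. hostmaster.MYDOMAIN. 42 900 600 86400 3600
"""


def parse_axfr(text):
    """Yield (name, type, rdata) from dig-style zone output.

    The TTL is deliberately dropped: two copies of an RR that differ only
    in TTL are still the same record when hunting for duplicates.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)  # name ttl class type rdata
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        yield name.lower(), rtype.upper(), " ".join(rdata.split()).lower()


def find_duplicates(text, threshold=2):
    """Return {(name, type, rdata): count} for RRs seen >= threshold times.

    The SOA is printed at the start and end of every AXFR, so one copy of it
    is discounted; a zone with several different SRV targets is not flagged
    because each distinct rdata is counted separately.
    """
    counts = Counter(parse_axfr(text))
    dups = {}
    for key, n in counts.items():
        if key[1] == "SOA":
            n -= 1
        if n >= threshold:
            dups[key] = n
    return dups


if __name__ == "__main__":
    for (name, rtype, rdata), n in sorted(find_duplicates(SAMPLE_AXFR).items(),
                                          key=lambda kv: -kv[1]):
        print(f"{n:6d}  {name} {rtype} {rdata}")
```

To check a real zone, save `dig @<dc> _msdcs.<realm> AXFR` to a file and pass its contents to `find_duplicates`; only records that are byte-for-byte repeated are reported.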