The etcnsswitch.conf File
17.4 NIS vs. DNS
The domain name system DNS is the dedicated global service that spans the entire Internet with only one goal — to provide information about hosts worldwide; to be more specific, to provide host names and IP addresses. DNS is fully discussed in Chapter 16. The Network Information Service NIS is a dedicated service to provide various administrative data for a certain number of hosts contained within the specified NIS domain; these data also include host names and IP addresses. Obviously DNS and NIS overlap in this sphere — host names and IP addresses for the related hosts could be managed from both places. The logical question is, can NIS and DNS coexist peacefully? The answer is definitely yes, but it requires additional administration. Having in mind that the local etchosts files provide also the data about host names and IP addresses, we come to the three independent sources for the same data. Who has priority? How is data synchronized? What do you do if the same data are inconsistent? These are only few of the potential problems that we have to handle.17.4.1 The etcnsswitch.conf File
Modern UNIX flavors, like Solaris, HP−UX, or Linux, provide a special name−service−switch configuration file etcnsswitch.conf, which specifies the lookup policy used to define the order and the conditions under which various sources are queried to obtain the desired information. The lookup policy is defined by an nsswitch−entry specified by the system administrator; this is a text line with an understandable syntax. The following sources databases are allowed to be used in the specified policy: dns domain name system, nis Network Information Service, and files local configuration files. An nsswitch−entry must be on a single line, and includes: info−class: src [ criteria src [ criteria src ] ] where info−class Refers to the class of information being queried: for example, hosts for the host name service resolution. src Refers to a source network database to be queried, as stated earlier dns, nis, and files. criteria Optional field containing status=action pairs enclosed in square brackets, which represent the criteria when, and how, to query the following source. The valid status strings are: SUCCESS, NOTFOUND, TRYAGAIN, and UNAVAIL. The valid action strings are: continue and return — to continue query with the next source on the line if the associated status for this action has occurred, or to terminate the search and return any result of the last query. Default actions are: 423 For NOTFOUND=return • For UNAVAIL=continue • for TRYAGAIN=return • The only exception is that all the actions associated with the last source in the entry are always set to return and cannot be overridden. The following example from HP−UX 10.20 illustrates the different policies for querying hostname resolution: cat etcnsswitch.conf This file contains different configurations to query hostname resolution. Comment and comment−out corresponding entries that match the required policy. To use DNS first then etchosts, if DNS is either not up and running, or does not contain any answer in its database hosts: dns [NOTFOUND=continue] files To use etchosts first then DNS, if etchosts does not contain any answer in its database hosts: files [NOTFOUND=continue] dns To use NIS first then etchosts, if NIS is either not up and running, or does not contain any answer in its database hosts: nis [NOTFOUND=continue] files See the Administering Internet Services Manual and the switch4 man page for more information on the name service switch. The origin name of this file is related to the host name resolution; thus the ns prefix in the file name stands for the name service. However, only one nsswitch−entry in the file strictly addresses this issue; other entries are related to other network services and arbitrate between NIS and local databases for the corresponding service, like in the following example on the Linux platform: cat etcnsswitch.conf etcnsswitch.conf An example Name Service Switch config file. This file shoul be sorted with the most−used services at the beginning. The entry [NOTFOUND=return] means that the search for an entry should stop if the search in the previous entry turned up nothing. Note that if the search failed due to some other reason like no NIS server responding then the search continues with the next entry. Legal entries are: nisplus or nis+ Use NIS+ NIS version 3 nis or yp Use NIS NIS version 2, also called YP dns Use DNS Domain Name Service files Use the local files [NOTFOUND=return] Stop searching if not found so far Example – obey only what nisplus tells us… services: nisplus [NOTFOUND=return] files networks: nisplus [NOTFOUND=return] files protocols: nisplus [NOTFOUND=return] files passwd: files nis shadow: files nis 424 hosts: files dns bootparams: files ethers: files netmasks: files networks: files protocols: files rpc: files services: files automount: files aliases: files netgroup: nis Obviously this host is an NIS client. However NIS is not used for host name resolution. The presented configuration is very common for NIS clients and it includes a number of other configuration data.17.4.2 Once upon a Time
Parts
» Unix Administration. 7485KB Mar 29 2010 05:04:17 AM
» UNIX Operating System UNIX — Introductory Notes
» Berkeley Standard Distribution — BSD UNIX System V or ATT UNIX
» System Administrators Job UNIX System and Network Administration
» Computing Policies UNIX System and Network Administration
» Legal Acts Administration Guidelines
» Code of Ethics Administration Guidelines
» USENIX System Administrators Guild — SAGE
» In This Book UNIX System and Network Administration
» Introduction The Unix Model — Selected Topics
» Access Classes File ProtectionFile Access
» Default File Mode File ProtectionFile Access
» Plain Regular File Socket Named Pipe
» Special File Names Special File Creation
» Process Types Process Attributes
» Process Life Cycles Processes
» System V ATT Flavored ps Command
» Destroying Processes The UNIX kill command will eliminate a process entirely:
» Becoming a Superuser Communicating with Other Users
» The man Command UNIX Online Documentation
» The uptime Command The uptime command displays:
» Personal Documentation UNIX Administration Starters
» Shell Script Execution UNIX Shell Scripts
» Shell Variables UNIX Shell Scripts
» Double Command−Line Scanning
» Introductory Notes System Startup and Shutdown
» The Bootstrap Program System Startup
» The Kernel Execution System Startup
» System States System Startup
» The Outlook of a Startup Procedure
» Initialization Scripts System Startup
» The BSD rc Scripts BSD Initialization Sequence
» BSD−Like Initialization System V Initialization
» An Example Shutdown Procedures
» Introduction to the UNIX Filesystem
» System V Filesystem Directory Organization
» Mounting a Filesystem home, users
» Dismounting a Filesystem home, users
» Automatic Filesystem Mounting Removable Media Management
» BSD Filesystem Configuration File
» Filesystem Types A Few Other Filesystem Issues
» Swap Space — Paging and Swapping
» Loopback Virtual Filesystem A Few Other Filesystem Issues
» Display Filesystem Statistics: The df Command
» Checking Filesystems: The fsck Command
» Introduction UNIX Filesystem Layout
» Disk Partitions Physical Filesystem Layout
» Filesystem Structures Physical Filesystem Layout
» The mkfs Command Filesystem Creation
» File Identification and Allocation
» File Storage vs. File Transfer
» Reserved Free Space Filesystem Performance Issues
» Logical Volume Manager — AIX Flavor
» Logical Volume Manager — Solaris Flavor
» Redundant Array of Inexpensive Disks RAID
» The Volume Snapshot Snapshot
» The Filesystem Snapshot Snapshot
» Virtual UNIX Filesystem Logical Filesystem Layout
» Disk Space Upgrade UNIX Filesystem Layout
» User Database — File etcpasswd
» Initialization Template Files UNIX Login Initialization
» User Login Initialization Files
» Systemwide Login Initialization Files
» Restricted User Accounts Users and Secondary Groups
» Assigning User Passwords Standard UNIX Users and Groups
» Managing Disk Usage by Users
» System V Accounting Accounting
» AIX−Flavored Accounting Accounting
» Physical Security Passwords UNIX Lines of Defense
» File Permissions UNIX Lines of Defense
» Backups Password Encryption UNIX Lines of Defense
» Setting Password Restrictions UNIX Lines of Defense
» The Wheel Group Secure Terminals — Other Approaches
» History of the Root Account Tracking User Activities
» The syslogd Daemon The Concept of System Logging
» The Configuration File etcsyslog.conf
» Linux Logging Enhancements The logger Command
» Testing System Logging System Logging Configuration
» The last Command Limiting the Growth of Log Files
» BSD Printing Subsystem UNIX Printing Subsystem
» The lp, lpstat, and cancel Commands
» The etcprintcap File BSD Printer Configuration and the Printer Capability Database
» Filters BSD Printer Configuration and the Printer Capability Database
» The Printer Database Directory Hierarchy on System V
» Setting a Remote Printer on HP−UX
» BSD and AIX Cross−Printing Solaris and BSD Cross−Printing
» Third−Party Printer Spooling Systems
» The tput Command The tset, tput, and stty Commands
» The stty Command The tset, tput, and stty Commands
» The tar Command Tape−Related Commands
» The cpio Command Tape−Related Commands
» The dd Command Tape−Related Commands
» The mt Command Magnetic Tape Devices and Special Device Files
» The SVR3 and SVR4 backup Commands
» The fbackup Command Backup and Dump Commands
» The dumpufsdump Command Backup and Dump Commands
» Interactive Restore The restore Commands
» The frecover Command Restoring Files from a Backup
» Tape Control UNIX Backup and Restore
» The NTP Daemon Network Time Distribution
» The crontab Files Network Time Distribution
» The crontab Command Network Time Distribution
» Linux Approach Network Time Distribution
» Programs Scheduled for a Specific Time
» UNIX and Networking Network Fundamentals
» TCPIP and the Internet ISO OSI Reference Model
» TCPIP Protocol Architecture Computer Networks
» Internet Protocol IP Internet Layer and IP Protocol
» Network Access Layer Transport Layer and TCP and UDP Protocols
» Application Layer TCPIP Layers and Protocols
» IP Address Classes Data Delivery
» Dynamic Routing Internet Routing
» Protocols, Ports, and Sockets
» UNIX Database Files Multiplexing
» The arp Command Address Resolution ARP
» The portmapper Daemon The etcrpc File
» The ifconfig Command Configuring the Network Interface
» The netstat Command Configuring the Network Interface
» The inetd Daemon Super Internet Server
» Further Improvements and Development
» Host Names and Addresses Domain Name Service DNS
» The Local Host Table — etchosts
» Handling the NIC Host Table — A Journey into the Past
» Other Resolver Parameters BIND Configuration
» Name Servers UNIX Name Service — BIND
» The Configuration File etcnamed.boot
» The named.local File The named.cache file
» Subdomains and Parenting BIND Version 8.X.X
» The nslookup Interactive Mode
» A Few Examples of nslookup Usage
» Purpose and Concepts Network Information Service NIS
» To Create an NIS Client NIS Domain Name
» The etcnetgroup File DatabasesNIS Maps
» Security Issues NIS Management
» The showmount Command Mounting Remote Filesystems
» An Example The Automount Maps
» The rlogin Command The rcp Command
» The HOME.rhosts File Using UNIX r−Commands — An Example
» SSH Configuration Secure Shell SSH
» Root Access SSH Installation and User Access Setup
» SSH — Version 2 Secure Shell SSH
» Simple Mail Transport Protocol SMTP
» Rewriting an E−mail Address Pattern Matching
» Address Transformation The Parsing of E−mail Addresses
» Testing Rewrite Rules The sendmail −bt Command
» The Debugging Level Checking the Mail Queue
» Mail Subcommands The Mail Program and .mailrc File
» POP Transactions Post Office Protocol POP
» Internet Message Access Protocol IMAP
» Finger Common UNIX Network Applications
» The ping Command Host Connectivity
» The traceroute Command Host Connectivity
» The X Administration Philosophy
» Window Managers An Introduction to the X Window System
» xdm Configuration Files The X Display Managers
» Vendor−Specific X Flavors — a Configuration Example
» XDMCP Queries The Xaccess File
» Other Access Control Mechanisms
» Components of the xdm−Based User X Environment
» Other Startup Methods The User X Environment
» A Permanent X11 Installation
» Introduction to Kernel Reconfiguration
» Kernel Configuration Database Kernel Reconfiguration
» The config Command BSD−Like Kernel Configuration Approach
» HP−UX 10.x Kernel Configuration
» UNIX and Modems Introduction to Modems
» Terminal Lines and Modem Control
» C−Kermit Third−Party Communication Software
» UUCP Versions UUCP Chat−Transfer Session
» The UUCP Daemons UUCP Commands, Daemons, and Related Issues
» The UUCP Spool Directories and Files
» Additional Security in BNU UUCP
» Additional Security in Version 2 UUCP
» Intranet vs. Internet Introduction to Intranet
» Intranet Design Approach Introduction to Intranet
» Life Cycle of a Virus Virus Types
» The Viruswall Implementation Viruswalls
» Application Proxies SOCKS Proxies
» Web Services Intranet Front−End Services
» Other External Services Intranet Front−End Services
» Network Infrastructure and Desktops
» Dynamic Host Configuration Protocol DHCP
» UNIX and Not−UNIX Platform Integration
» HP−UX Installation UNIX Installation Procedures
» Linux Installation UNIX Installation Procedures
» Solaris Patch Installation HP−UX Patch Installation
» Solaris and Lost Root Password HP−UX and Lost Root Password
» Solaris Procedure to Create an Alternate Boot Partition
» Solaris Recovery of the Failed Mirrored Boot Disk
Show more