Sun ZFS Storage 7000 System Administration Guide

DNS

Introduction

The DNS (Domain Name Service) client provides the ability to resolve IP addresses to hostnames and vice versa, and is always enabled on the appliance. Optionally, secondary hostname resolution via NIS and/or LDAP, if configured and enabled, may be requested for hostnames and addresses that cannot be resolved using DNS. Hostname resolution is used throughout the appliance user interfaces, including in audit logs to indicate the location from which a user performed an auditable action and in Analytics to provide statistics on a per-client basis.

The configurable properties for the DNS client include a base domain name and a list of servers, specified by IP address. You must supply a domain name and at least one server address; the server must be capable of returning an NS (NameServer) record for the domain you specify, although it need not itself be authoritative for that domain. You will receive an error message if your DNS server(s) do not meet this requirement.

Properties

| Property | Description |
|---|---|
| DNS Domain | Domain name to search first when performing partial hostname lookups |
| DNS Server(s) | One or more DNS servers. IP addresses must be used. |
| Allow IPv4 non-DNS resolution | IPv4 addresses may be resolved to hostnames, and hostnames to IPv4 addresses, using NIS and/or LDAP if configured and enabled. |
| Allow IPv6 non-DNS resolution | IPv4 and IPv6 addresses may be resolved to hostnames, and hostnames to IPv4 and IPv6 addresses, using NIS and/or LDAP if configured and enabled. |

Changing services properties is documented in the BUI and CLI sections of Services.

CLI

The CLI includes builtins for nslookup and getent hosts, which can be used to test that hostname resolution is working:

caji:> nslookup deimos
192.168.1.109   deimos.sf.fishworks.com
caji:> getent hosts deimos
192.168.1.109   deimos.sf.fishworks.com

Logs

| Log | Description |
|---|---|
| network-dns-client:default | Logs the DNS service events |

To view service logs, refer to the Logs section from Services.

Active Directory and DNS

If you plan to use Active Directory, at least one of the servers must be able to resolve hostname and server records in the Active Directory portion of the domain namespace. For example, if your appliance resides in the domain example.com and the Active Directory portion of the namespace is redmond.example.com, your nameservers must be able to reach an authoritative server for example.com, and they must provide delegation for the domain redmond.example.com to one or more Active Directory servers serving that domain. These are requirements imposed by Active Directory, not the appliance itself. If they are not satisfied, you will be unable to join an Active Directory domain.

Non-DNS Resolution

DNS is a standard, enterprise-grade, highly-scalable and reliable mechanism for mapping between hostnames and IP addresses. Use of working DNS servers is a best practice and will generally yield the best results. In some environments, there may be a subset of hosts that can be resolved only in NIS or LDAP maps. If this is the case in your environment, enable non-DNS host resolution and configure the appropriate directory service(s). If LDAP is used for host resolution, the hosts map must be located at the standard DN in your database: ou=Hosts,(Base DN), and must use the standard schema. When this mode is used with NFS sharing by netgroups, it may be necessary for client systems to use the same hostname resolution mechanism configured on the appliance, or NFS sharing exceptions may not work correctly.

When non-DNS host resolution is enabled, DNS will still be used. Only if an address or hostname cannot be resolved using DNS will NIS (if enabled) and then LDAP (if enabled) be used to resolve the name or address. This can have confusing and seemingly inconsistent results. Therefore, if you must use non-DNS resolution, best results will likely be achieved by disabling DNS (see next section) and using NIS or LDAP exclusively for host resolution. You can validate host resolution results using the 'getent' CLI command described above.

Use of these options is strongly discouraged.
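
The lookup order described above (DNS first, then NIS, then LDAP) can be modelled on constructed host maps to show where the inconsistent results come from. This is an added example, not appliance code; the deimos entry comes from the CLI sample earlier on this page, while phobos, dhcp-110, 192.168.1.110 and all function names are assumptions made for illustration.

```python
"""Added example: first-hit lookup order DNS -> NIS -> LDAP on constructed host maps."""

# Constructed data. deimos and its address come from the CLI sample on this page;
# phobos, dhcp-110 and 192.168.1.110 are made up for illustration.
SOURCES = {
    "dns": {
        "fwd": {"deimos.sf.fishworks.com": "192.168.1.109"},
        "rev": {"192.168.1.109": "deimos.sf.fishworks.com",
                "192.168.1.110": "dhcp-110.sf.fishworks.com"},  # stale PTR record
    },
    "nis": {
        "fwd": {"phobos.sf.fishworks.com": "192.168.1.110"},
        "rev": {"192.168.1.110": "phobos.sf.fishworks.com"},
    },
    "ldap": {"fwd": {}, "rev": {}},
}


def resolve(key, direction, order):
    """Return (source, answer) from the first source in `order` that knows `key`."""
    for name in order:
        answer = SOURCES[name][direction].get(key)
        if answer is not None:
            return name, answer
    return None, None


def round_trip(hostname, order):
    """Forward-resolve, then reverse-resolve the address, noting which source answered."""
    fwd_src, addr = resolve(hostname, "fwd", order)
    rev_src, name = resolve(addr, "rev", order) if addr else (None, None)
    return {"host": hostname, "addr": addr, "fwd_src": fwd_src,
            "rev_src": rev_src, "rev_name": name, "consistent": name == hostname}


def inconsistent_hosts(hostnames, order):
    """Hosts whose address does not map back to the same name under `order`."""
    return [r for r in (round_trip(h, order) for h in hostnames) if not r["consistent"]]


if __name__ == "__main__":
    hosts = ["deimos.sf.fishworks.com", "phobos.sf.fishworks.com"]
    for order in (("dns", "nis", "ldap"), ("nis", "ldap")):
        print(order, inconsistent_hosts(hosts, order))
```

With the mixed order, phobos is found forward in NIS but its address is answered in reverse by DNS under a different name, which is the kind of mismatch that surfaces in audit logs and hostname-based NFS exceptions. With NIS and LDAP only, phobos round-trips cleanly but deimos, which exists only in DNS, no longer resolves.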

DNS-Less Operation

If the appliance will be unable to access any DNS servers from its installed location in the network, you may elect to operate without DNS by supplying the server 127.0.0.1. Use of this mode is strongly discouraged; several features will not work correctly, including:

These limitations may be partially mitigated by using an alternate host resolution service; see "Non-DNS Resolution" above.