Go to main content

Working With Oracle® Solaris 11.4 Directory and Naming Services: DNS and NIS

Exit Print View

Updated: November 2020

Overview of the Name Service Switch

The name service switch is a configurable selection service that enables an administrator to specify which name information service or source to use for each type of network information. Each of the name information services is called a database. The name service switch is used by client applications that call any of the getXbyY() interfaces, such as the following:

  • gethostbyname()

  • getpwuid()

  • getpwnam()

  • getaddrinfo()

Each system has its own configuration in an SMF repository. Each property defined in the name service switch identifies a particular database, such as a host, password, or group. The value assigned to each property lists one or more sources from which to request the information. Sometimes, these values include guidance or options. The guidance might include how many retries to a service must be attempted, which timeout to apply, or what to do if the service fails.

The name service switch also controls DNS forwarding for clients as described in Managing DNS Server and Client Services. DNS forwarding grants Internet access to clients.

Databases and Sources for the Name Service Switch

You configure databases that are supported by the name service switch by using SMF services. To obtain a listing of these databases, use the svccfg command as shown in the following example.

# svccfg -s name-service/switch listprop config
config                      application
config/default              astring             files
config/password             astring             "files nis"
config/group                astring             "files nis"
config/host                 astring             "files nis"
config/network              astring             "nis [NOTFOUND=return] files"
config/protocol             astring             "nis [NOTFOUND=return] files"
config/rpc                  astring             "nis [NOTFOUND=return] files"
config/ether                astring             "nis [NOTFOUND=return] files"
config/netmask              astring             "files nis"
config/bootparam            astring             "nis [NOTFOUND=return] files"
config/publickey            astring             "nis [NOTFOUND=return] files"
config/netgroup             astring             nis
config/automount            astring             "files nis"
config/alias                astring             "files nis"
config/service              astring             "files nis"
config/printer              astring             "user nis"
config/auth_attr            astring             "files nis"
config/prof_attr            astring             "files nis"
config/project              astring             "files nis"

Note -  The timezone table does not use the name service switch, so the table is not included in the property list for the switch.

    From the SMF perspective, these databases are considered configurable properties of the service. Each database stores the following type of information:

  • alias – Email addresses and aliases

  • auth_attr – Authorization names and descriptions

  • automount – Information about remote file systems that could be mounted locally

  • bootparam – Boot information for diskless clients

  • ether – Ethernet addresses and matching host names

  • group – Information about groups that can be used to share access to files

  • host – IP address and matching host names

  • netgroup – Information for shared NFS file systems

  • netmask – Network masks used to implement IP subnets

  • network – Name and number for each network

  • password – User account information

  • prof_attr – Execution profile names, descriptions, and other attributes

  • project – Project names, unique identifiers, and associated resource allocations

  • protocol – Internet protocol names, protocol numbers, and aliases

  • publickey – Public key information

  • rpc – Names and numbers of RPC programs

  • service – Name, port, and protocol for Internet services

  • tnrhdb – Security attributes for a host using the Trusted Extensions feature of Oracle Solaris

  • tnrhtp – Templates used by Trusted Extensions

In addition, the default property in the name service switch defines the source string for any database that is not otherwise defined. The value for this property is set to files to indicate that all the databases and their information are found locally in the /etc directory. You can set up a different configuration for the default property based on available sources. See How to Change the Source for All Naming Databases for the procedure.

The default property enables you to configure a source that universally applies to the databases, instead of configuring each database's source.

    The kind of sources that can be listed in the name service switch for the databases are as follows:

  • ad – Identifies databases stored on an Active Directory server.

  • pam_list – Replaces the obsoleted compat database. It can be used for password and group information to support old-style + or - syntax in the /etc/passwd, /etc/shadow, and /etc/group files.

  • dns – Specifies that host information must be obtained from DNS.

  • files – Specifies a file stored in the client's /etc directory, for example, /etc/passwd.

  • ldap – Specifies that entries must be obtained from the LDAP directory.

  • mdns – Specifies hosts information by using mDNS.

  • nis – Specifies an NIS map, for example, the hosts map.

Note -  The switch search criteria for the auto_home and auto_master tables and maps is combined into one category, which is called automount.

Source Formats for the Name Service Switch

    You can use the following search criteria formats to select one or more information sources, and to specify the order in which the sources are used.

  • Single Source – If an information type has only one source, such as files, a search routine that uses the switch searches for the information in that source only. If the routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine stops searching and returns a different status message. What the routine does with the status message varies from routine to routine.

  • Multiple Sources – If a database contains multiple sources for a given information type, the switch directs the search routine to search in the first listed source. If the routine finds the information, the routine returns a success status message. If the routine does not find the information in the first source, the routine tries the next source. The routine searches all sources until the routine has found the information, or until the routine is halted by a return specification. If all of the listed sources are searched without finding the information, the routine stops searching and returns a non-success status message.

By default in the Oracle Solaris 11 release, the first source is files. This configuration prevents system freezes if the next source listed is not available.

Status Messages for the Name Service Switch

If a routine finds the information, the routine returns a success status message. If the routine does not find the information, the routine returns one of three error status messages. Possible status messages are as follows:

  • SUCCESS – Requested entry was found in the specified source.

  • UNAVAIL – Source is either unresponsive or unavailable. In other words, none of the database sources could be found or accessed.

  • NOTFOUND –Source responded with "No such entry." In other words, the database was accessed, but the needed information was not found.

  • TRYAGAIN – Source is busy and might respond next time. In other words, the database was found but could not respond to the query.

Switch Action Options for the Name Service Switch

    You can instruct the name service switch to respond to status messages with either of the following two actions:

  • return – Stop looking for the information.

  • continue – Try the next source.

    In addition, for the TRYAGAIN status message, you can define the following actions:

  • forever – Retry the current source indefinitely

  • n – Retry the current source n more times

Default Search Criteria for the Name Service Switch

The combination of the name service switch status message and action options determine what the search routine does at each step. The combination of the status message and action options make up the search criteria.

The switch's default search criteria are the same for every source. Some of the search criteria are as follows:

  • SUCCESS=return – Stop looking for the information. Proceed using the information that has been found.

  • UNAVAIL=continue – Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.

  • NOTFOUND=continue – Go to the next name service switch source and continue searching. If this source is the last or only source, return with a NOTFOUND status.

  • TRYAGAIN=forever – Searches the current name service switch source indefinitely.

  • TRYAGAIN=3 – Searches the current source three times. After exhausting three retries, the TRYAGAIN action transitions to continue and searches the next name service switch source.

You can change the default search criteria by explicitly specifying another criteria by using the STATUS=action syntax. For the procedure, see How to Configure a Search Criterion for a Database.

Note -  Lookups in the name service switch are performed in the order in which items are listed. However, password updates are performed in reverse order unless otherwise specified by using the passwd –r repository command. For more information, see Name Service Switch and Password Information.

The client library routines contain compiled-in default entries that are used if no specific SMF property or default SMF property is defined in the name service switch, or if the property is syntactically incorrect. Typically, these compiled-in defaults are files only.

keyserv and publickey Entries in the Name Service Switch

The keyserv daemon reads the publickey properties in the name service switch only when keyserv is started. If you change the name service switch properties, keyserv does not register the changes until you restart the keyserv daemon by using svcadm refresh svc:/network/rpc/keyserv:default. You must run this command after the properties have been changed and the name-service/switch service has been refreshed so that the property changes are loaded into the SMF repository.