Sun Microsystems, Inc.

How to Specify a Cache-Only or Stub Server

All servers are caching servers in the sense that they all maintain a cache of DNS data. A caching-only or stub server is a server that is not a master server for any zone other than the in-addr.arpa. domain.

A cache-only server does not maintain any authoritative data. It handles queries and asks the hosts listed in the in.named file for the information needed. In other words, a cache-only server handles the same kind of queries that authoritative name servers perform, but it does not maintain any authoritative data itself.

The following is a sample boot file for a cache-only server.


Example 4-3 Sample Master Boot File for Caching-only Server

;
; Sample named.boot file for caching-only name server
;
; type                  domain                 source file or host
;
directory /var/named
cache                   .                      named.ca
master                  0.0.127.in-addr.arpa   named.local

You do not need a special line to designate a server as a cache-only server. What denotes a cache-only server is the absence of any slave or master authority lines in the boot file, except as noted below.

A cache-only server requires the following.

  • A directory line in the boot file

  • A master 0.0.127.in-addr.arpa line in the boot file

  • A cache . named.ca line in the boot file
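
As an added example (not part of the original Sun documentation), the following shell function audits a named.boot file against the three requirements above and reports any other master or slave line. The function name `check_cache_only` and the sample input are constructed for illustration; `primary` and `secondary` are accepted as the classic BIND 4 spellings of the same keywords.

```shell
#!/bin/sh
# Added example: audit a named.boot file (or stdin) against the cache-only
# requirements. check_cache_only and the sample input are constructed.
check_cache_only() {
    awk '
        { sub(/;.*/, "") }                      # drop ";" comments
        NF == 0 { next }                        # skip blank lines
        {
            kw = tolower($1); zone = tolower($2)
            if (zone != ".") sub(/\.$/, "", zone)   # tolerate a trailing dot
        }
        kw == "directory" && NF >= 2            { dir = 1; next }
        kw == "cache" && zone == "." && NF >= 3 { hints = 1; next }
        (kw == "master" || kw == "primary") && zone == "0.0.127.in-addr.arpa" {
            loopback = 1; next                  # the one permitted master line
        }
        kw ~ /^(master|slave|primary|secondary)$/ {
            printf "authority line (not cache-only): %s %s\n", $1, $2
            bad = 1
        }
        END {
            if (!dir)      { print "missing: directory line"; bad = 1 }
            if (!hints)    { print "missing: cache . <file> line"; bad = 1 }
            if (!loopback) { print "missing: master 0.0.127.in-addr.arpa line"; bad = 1 }
            exit bad + 0                        # 0 = cache-only, 1 = findings
        }
    ' "$@"
}

# Constructed sample: Example 4-3 with one extra slave line added.
sample_mixed='; constructed test input
directory /var/named
cache      .                      named.ca
master     0.0.127.in-addr.arpa   named.local
slave      doc.com                192.146.168.5 doc.com.bak'

printf '%s\n' "$sample_mixed" | check_cache_only ||
    echo "=> not a cache-only configuration"
```

Pass a file name instead of piping input to audit a boot file on disk; the exit status is 0 only when the file matches the cache-only profile.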

How to Add DNS Compatibility and +/- Syntax

This section describes how to add compatibility with the +/- syntax used in the /etc/passwd, /etc/shadow, and /etc/group files when you are using either NIS or NIS+ as your master naming service.

  1. Become superuser.

  2. Open the /etc/nsswitch.conf file.

  3. Change the passwd and group sources to compat.

    • For use with NIS, enter:

      passwd: compat
      group: compat

    • For NIS+, enter:

      passwd: compat
      passwd_compat: nisplus
      group: compat
      group_compat: nisplus

    This provides the same syntax as in the Solaris 1.x release. It looks up /etc files and NIS maps as indicated by the +/- entries in the files.

  4. Add -+ or -+ netgroup to the /etc/passwd, /etc/shadow, and /etc/group files.


    Note - If you fail to add the -+ or -+ netgroup entries to /etc/shadow and /etc/passwd, you will not be able to log in.


  5. Save the file and reboot the system.

    Because some library routines do not periodically check the nsswitch.conf file to see whether it has been changed, you must reboot the machine to make sure those routines have the latest information in the file.

Setting up DNS Servers

Initializing the Server

To initialize a server, do the following.

How to initialize the server

  1. Become superuser.

  2. Install the named.conf configuration file and the required data files, as described in the previous sections.

  3. Run in.named.

    # /usr/sbin/in.named

    Instead of running in.named from the command line, you can reboot.

Testing Your Installation

After your boot and data files are set up and in.named is running, test your installation.

How to Test Your Installation

  1. Become superuser.

  2. Check your syslog file for error messages.

    See Chapter 6, DNS Troubleshooting (Reference) for common DNS error messages and troubleshooting information.

  3. Look up a host name in the local domain using the nslookup command.

    dnsmaster% nslookup altair
    Server:  dnsmaster.doc.com
    Address: 192.146.168.5
    Name:  altair.doc.com
    Address: 192.146.168.10

    • If your lookup is successful, your name server is probably functioning correctly.

    • If you get a "Can't find" or "can't initialize address" type of message for your server, or a "non-existent domain" type of message, it might mean that your server is not correctly listed in the boot file or hosts files.

    • If you get a "can't find name" or "non-existent domain" type of message, it might mean that the host you looked up is not in the server's hosts file, the domain is incorrectly set in resolv.conf, or there is some other server problem.

  4. Look up a remote domain name with nslookup.

    If your network is connected to the Internet, look up the name of a remote domain. (If your network is not connected to the Internet, look up the name of a subdomain in another zone, if you have one.)

    For example, to look up the name of the remote internic.net Internet domain, you would enter the following.

    dnsmaster% nslookup internic.net

    Server:  dnsmaster.doc.com
    Address: 192.168.168.
    Name:  internic.net
    Addresses: 192.168.0.9,  192.168.0.6,  192.168.0.5,  192.168.0.8

    • If you are successful, your name server is probably functioning correctly.

    • If the above command does not find the remote domain name, one possible cause is that your network's connection to the Internet is not functioning properly.

    • Another possible cause is that your named.ca file is not properly installed or set up.

    The second time you use nslookup to find a domain, the answer will be returned as non-authoritative. This is normal because the answer is now coming from your cache, not the remote name server.

  5. Look up a host name in your domain from a remote domain.

    If your network is connected to the Internet, look up the name of a host in your domain from a remote domain. If your network is not connected to the Internet, look up the name of a host in your domain from another zone, if you have one.

    For example, to look up the name of a host in your domain, from a remote Internet domain, you would enter two arguments after the nslookup command. The first argument is the name of the host for which you are searching, and the second argument is the name of the name server you are testing.

    remotemachine9% nslookup altair remotemaster.foo.org.

    Server:  remotemaster.foo.org
    Address: 192.168.0.1
    Name:  altair.doc.com
    Addresses: 192.168.1.2

    • If you are successful, your name server is probably functioning correctly.

    • If the above command does not find the machine you are searching for, one possible cause is that your domain is not properly registered with whoever is administering the parent domain (.com in the above example).

 
 
 