SUMMARY: nsswitch.conf

From: Jacob Ritorto <>
Date: Fri Nov 09 2001 - 15:59:00 EST
        As I feared (and sort of expected), nsswitch.conf is not the
ultimate dictator of the method by which a Sun machine performs name
resolution.  Here are some name resolution caveats for my scenario (old yp
slave server yp-bound to itself and resorting to dns if no match comes up
in the yp map):

        There's the name service cache daemon - nscd(1M).  When
troubleshooting resolution quirks, it's best to kill this fellow to
simplify debugging.

        There's the B environment variable in the /var/yp Makefile.
Here's a fairly self-explanitory excerpt from that file:
# Set the following variable to "-b" to have NIS servers use the domain
# resolver for hosts not in the current domain.

        There's the /usr/lib/netsvc/yp/ypstart script which is run during
boot in the /etc/rc hierarchy and starts ypserv with -d (check dns after
checking yp) if you have an /etc/resolv.conf file.  Here's an excerpt from
that script:

    # start NIS server
        if [ -x $YPDIR/ypserv -a -d /var/yp/$domain ]; then
                if [ -f /etc/resolv.conf ]; then
                        $YPDIR/ypserv -d && echo ' ypserv\c'
                        $YPDIR/ypserv && echo ' ypserv\c'

        And there's the /etc/nsswitch.conf file, which you apparently
can't just edit and expect it to take affect.  Some degree of downing and
upping the system must take place.  I couldn't play with this as my yp
slaves are all in production at the moment..

        As usual, the replies came quickly and in abundance.  Thanks to
everyone who responded, especially Gary Richardson who gave excerpts to
back up his annotations; Gary Foster with the warning about needing to
reset after altering nsswitch.conf and Darren Dunham with the cache
warning and B variable tip.

Jacob Ritorto
Marconi Engineering Infrastructure Administrator

On Fri, 9 Nov 2001, Jacob Ritorto wrote:

> Hi,
> 	When using yp, is /etc/nsswitch.conf taken seriously by the
> Solaris 7 resolver routines?  It seems to me that it's not.  I'm using the
> nsswitch.nis file (copied to nsswitch.conf) and am still able to get
> resolution for names that aren't in our yp maps, but are in dns somewhere
> (i.e.  I do have /etc/resolv.conf, but don't mention dns in
> the hosts line in nsswitch.conf.
> 	What's going on?
> tia
> ws
> --jake

