Working With Naming and Directory Services in Oracle Solaris 11.1 Oracle Solaris 11.1 Information Library |
The following tasks are documented:
Normally, the DNS package is automatically installed with the Oracle Solaris release. If the package was not included when the server was installed, use the following procedure to install the package.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# pkg install pkg:/service/network/dns/bind
Note - Configuring named to specify a change root directory is not recommended. A more secure option is to create a Solaris Zone and configure named to run within that zone.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
Before the named daemon will start, a valid configuration file must exist. By default, the file is /etc/named.conf. The configuration of named can be very simple: an empty file provides sufficient information to configure a caching-only server, assuming that the DNS root servers are accessible.
# touch /etc/named.conf
# named-checkconf -z /etc/named.conf
This file is used to configure remote control access of the DNS server.
# rndc-confgen -a
wrote key file "/etc/rndc.key"
# svcadm enable network/dns/server
The /etc/rndc.conf file is used to configure remote control access of the DNS server daemon, named, by using the rndc command. To create a default file, use the following procedure. Refer to the rndc.conf(4) man page for further options.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# rndc-confgen -a
wrote key file "/etc/rndc.key"
# svcadm restart dns/server:default
This procedure explains how to select the IPv4 transport protocol for named traffic. See the named(1M) man page.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# svccfg -s network/dns/server
svc:/network/dns/server:default> setprop options/ip_interfaces = "IPv4"
svc:/network/dns/server:default> quit
# svcadm refresh network/dns/server
# svcadm enable network/dns/server
This procedure explains how to assign a user the relevant authorizations to manage the named daemon.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# usermod -A solaris.smf.manage.bind dnsadmin
# svccfg -s network/dns/server
svc:/network/dns/server:default> setprop start/user = dnsadmin
svc:/network/dns/server:default> setprop start/group = dnsadmin
svc:/network/dns/server:default> exit
Because only root has write access to create the default process ID file, /var/run/named/named.pid, the named daemon must be configured to use an alternative file.
# mkdir /var/named/tmp
# chown dnsadmin /var/named/tmp
Add the following lines to the named.conf file:
# head /etc/named.conf
options {
directory "/var/named";
pid-file "/var/named/tmp/named.pid";
};
# svcadm refresh svc:/network/dns/server:default
# svcadm restart svc:/network/dns/server:default
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
First, list the domains to search and the IP addresses for the DNS name servers. Then, update the SMF repository.
# svccfg -s network/dns/client
svc:/network/dns/client> setprop config/search = astring: ("example.com" "sales.example.com")
svc:/network/dns/client> setprop config/nameserver = net_address: (192.168.1.10 192.168.1.11)
svc:/network/dns/client> select network/dns/client:default
svc:/network/dns/client:default> refresh
svc:/network/dns/client:default> quit
The first command updates the DNS configuration information in the SMF repository.
# svccfg -s system/name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: "files dns"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> quit
Some processes still use the /etc/resolv.conf file, so after any change to the SMF repository that would change the contents of the file, the file should be re-created.
# nscfg export svc:/network/dns/client:default
# svcadm enable network/dns/client
# svcadm enable system/name-service/switch
You do not have to follow all of these steps. If you think you have found the problem in an early step, you can proceed to step 6 to get the service running properly.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
# svcs -x dns/server:default
svc:/network/dns/server:default (BIND DNS server)
 State: online since Tue Oct 18 19:35:00 2011
   See: named(1M)
   See: /var/svc/log/network-dns-server:default.log
Impact: None.
# tail /var/svc/log/network-dns-server:default.log
# grep named /var/adm/messages
Running named in the foreground forces all logging to standard error so that it is easier to identify problems.
# named -g
# svcadm clear dns/server:default
# svcs dns/server:default
STATE          STIME    FMRI
online         17:59:08 svc:/network/dns/server:default
When modifying the DNS configuration, you can verify the syntax of the /etc/named.conf file with the named-checkzone command.
For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.1 Administration: Security Services.
In this example, the default directory is changed.
# echo 'options {directory "/var/named";};' > /etc/named.conf
# named-checkconf
/etc/named.conf:1: change directory to '/var/named' failed: file not found
/etc/named.conf:1: parsing failed
In this example, the check failed because the /var/named directory has not yet been created.
# mkdir /var/named
# svcadm restart svc:/network/dns/server:default
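The two failures this page describes, a directory option that names a missing directory and a PID file location that a non-root start/user cannot write, can be checked before the service is restarted. The following script is an added example, not part of the Oracle documentation; named_opt, preflight_named and demo are hypothetical helper names, and the parser assumes absolute paths and options that are not commented out.

```shell
#!/bin/sh
# Added example: pre-flight check for the named.conf options set on this page.
# named_opt, preflight_named and demo are hypothetical helper names.

# Print the quoted value of a single-valued option such as directory or pid-file.
# Assumption: the option is not inside a comment.
named_opt() {  # $1 = option name, $2 = configuration file
    sed -n -e 's/^/ /' \
        -e "s/.*[{;[:space:]]$1[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -1
}

# Return 0 if the options can work for service user $2; otherwise say why.
preflight_named() {  # $1 = configuration file, $2 = value of start/user
    conf=$1 user=$2 rc=0
    dir=$(named_opt directory "$conf")
    pid=$(named_opt pid-file "$conf")
    # A missing directory is what makes named-checkconf report
    # "change directory to ... failed: file not found".
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
        echo "directory $dir does not exist"; rc=1
    fi
    # Only root can create the default /var/run/named/named.pid.
    if [ "$user" != root ]; then
        if [ -z "$pid" ]; then
            echo "no pid-file option; the default location needs root"; rc=1
        else
            piddir=$(dirname "$pid")   # assumption: pid-file is an absolute path
            owner=$(ls -ld "$piddir" 2>/dev/null | awk '{print $3}')
            if [ "$owner" != "$user" ]; then
                echo "$piddir is not owned by $user"; rc=1
            fi
        fi
    fi
    return $rc
}

# Constructed sample: the page's options block, rooted in a scratch directory
# owned by whoever runs the script.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/named/tmp"
    printf 'options {\n directory "%s/named";\n pid-file "%s/named/tmp/named.pid";\n};\n' \
        "$t" "$t" > "$t/named.conf"
    preflight_named "$t/named.conf" "$(ls -ld "$t" | awk '{print $3}')"; r=$?
    rm -rf "$t"; return $r
}

demo && echo "pre-flight passed on the constructed sample"
```

With the setup shown on this page, the equivalent call would be preflight_named /etc/named.conf dnsadmin.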