Implementation

There are four ways to integrate NIS with DNS, each of which is described in more detail in the following subsections.

Run NIS without DNS on client and server

This is the default for many systems, including Solaris. In this approach, the name services switch file, nsswitch.conf, is set up so that nis and files are the only directory services listed in the hosts entry of the nsswitch.conf file. The NIS server is configured (by default) to not use DNS to resolve hostnames not found in the hosts map.

Run NIS on client, enable DNS on NIS server

Use the NIS maps first, then go to DNS for hostnames that aren't managed by NIS. This is done using a special flag in the NIS hosts map. NIS is forced to query DNS for hostnames not found in the hosts map if the map is built with the "Inter-Domain" key. The NIS-then-DNS algorithm is embedded in the implementation of ypserv. This means that individual NIS clients don't need to know about the DNS; only the NIS servers will be calling DNS for non-local hostnames. In the NIS Makefile, add the -b flag to the makedbm script for the hosts.byname and hosts.byaddr maps, which will cause the YP_INTERDOMAIN key to be added to the hosts maps. In Solaris, this is done by changing the following lines in /var/yp/Makefile from:

#B=-b B=

to:

B=-b #B=

If a hostname is not found in the NIS map, the YP_INTERDOMAIN keyinstructs NIS to look up the name with the domain name server. Instead of immediately returning an error indicating that the hostname key was not found, ypserv asks the DNS server to look up the hostname. If DNS cannot find the name, then ypserv returns an error to the client. However, if the DNS server locates the hostname, it returns the IP address information to ypserv, and ypserv returns it to the client. Integration of NIS and DNS is completely invisible to the client in terms of calling interfaces: all of the work is done by ypserv on the NIS server. NIS servers locate DNS servers through the resolver interface, which relies on information in the /etc/resolv.conf configuration file. The resolver configuration file should point to at least two DNS servers to provide redundancy in case one DNS server becomes unavailable:

nameserver 130.1.52.28 nameserver 130.1.1.15

The nameserver keyword is used to identify the IP address of a DNS server. The servers are listed by IP address, since hostnames are dependent on the very mechanism being configured by this file. Set up a resolv.conf file on every NIS server.

Run DNS on NIS clients and servers

In this approach, NIS clients and servers ignore NIS for hostnames and use only DNS. Given that DNS is a full-service hostname management system, some network managers choose to eliminate the NIS hosts map file and use pure DNS service for hostnames and IP addresses. On some systems, a new version of gethostent( ) is required that skips the NIS query and directly calls the DNS resolver routines for hostname lookups. Check with your vendor for instructions on how to do this. In Solaris, the name services switch can be used to set the hosts lookups to just DNS. If you disable NIS hostname management and use DNS alone, you'll need to set up a resolv.conf file on every host in the network, so that they can find DNS servers. The main argument for using DNS only is that it consolidates hostname management under one distributed service, instead of having it split across two services. The drawbacks to this approach are that each host is then dependent upon both an NIS and a DNS server for normal operation (if NIS is running), and a reliable DNS server or sufficient resolver information is required to make each small network self-supporting. Widespread use of DNS to replace NIS host maps suffers from the same server availability problems that NIS does -- the entire network is dependent upon reliable and well-behaved servers.

Run NIS on client, enable DNS on NIS client

In this approach, the name services switch file, nsswitch.conf, is set up so that both nis and dns appear in the hosts entry of the nsswitch.conf file. The host maps should not have the "Inter-Domain" key enabled since all that will do is result in hostname resolutions via DNS occurring twice: once in the NIS client and once in the NIS server.