
Re: DNS : nsswitch.conf

Muthyala
Frequent Advisor

DNS : nsswitch.conf

Hi

This is an HP-UX 11.23 server running Oracle DB. We have 3 DNS entries configured in the resolv.conf file. Last week we had a DNS outage on the primary DNS server, which is the 1st entry in the resolv.conf file.

Clients were not able to connect to the server even though the other two DNS servers, whose entries are listed as 2 and 3 in the resolv.conf file, were working.

I want to know why the HP-UX server didn't fail over to the next DNS entry?

Also, can anyone share their working nsswitch.conf file and its default owner and permissions?

TIA


Bill Hassell
Honored Contributor

Re: DNS : nsswitch.conf

The normal handling of a dead DNS server is to wait approximately 20 seconds before trying the next entry in resolv.conf. This value is dependent on two settings for resolv.conf (see the man page), retry and retrans. retry defaults to 4 and retrans is 5 seconds (4*5=20 secs). However, for 11.31, the rules are quite convoluted (and not documented in the man page). They work like this:

For the number of retries and servers in resolv.conf, repeat these steps based on the rules in nsswitch.conf:

1. First time, use retrans as is.
2. Then, for the rest, multiply retrans by 2 and divide it by the number of nameserver servers. This value is then set as the timeout for the poll() call.

To use an example with retrans 5000 and retry of 4 (defaults), the retransmission value is calculated for this case as follows (3 is the number of name servers):

1st try: 5000ms
2nd try: 5000ms * 2/3, approx. 3 secs
3rd try: 5000ms * 4/3, approx. 7 secs
4th try: 5000ms * 8/3, approx. 13 secs
To change the nameserver timeouts, just add the two lines with new values to resolv.conf:

retrans 3000
retry 2


This will appear to be a failure, as most applications and tools will look like they have failed but may eventually recover when trying the next entry. However, DNS is a critical service for your clients too. They will have similar difficulties unless they are using different DNS servers.

 

The correct settings for /etc/nsswitch.conf are 444 owned by root:sys. The default permissions, ownerships and contents of many HP-UX config files will be found in /usr/newconfig/etc.

 

My recommendation for nsswitch.conf is:

 

passwd:       files
group:        files
hosts:        files [NOTFOUND=continue UNAVAIL=continue] dns
ipnodes:      files [NOTFOUND=continue UNAVAIL=continue] dns
services:     files
networks:     files
protocols:    files
rpc:          files
publickey:    files
netgroup:     files
automount:    files
aliases:      files

 

ipnodes is relatively new. Always specify it to avoid difficulties in various versions of HP-UX and patch levels.

The default name resolution in this example is /etc/hosts file (files), for several reasons:

 

1. It is significantly faster than DNS as the lookups are in memory (the file will be cached by the HP-UX buffer cache).

 

2. Changes are immediate -- no waiting on a DNS administrator to change the server(s).

 

3. Temporary changes are easy to add and delete.

 

Naturally, for many servers, making these changes would require syncing the hosts file. But this is good practice. Every server should be using the same hosts file. And by using a good transfer script from the reference system to all servers, the file can be updated in seconds for dozens of servers.

 



Bill Hassell, sysadmin
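The retransmission schedule from the reply above, worked through as an added example (this is not code from the thread or from HP-UX): it parses a constructed resolv.conf, applies the retrans/retry/nameserver-count rule as the reply states it, and totals the time a resolver can spend retrying an unresponsive first nameserver with the defaults versus the suggested retrans 3000 / retry 2. The default constants are the values the reply gives; the sample resolv.conf contents are constructed.

```python
# Added example modelling the per-attempt timeouts described in the reply.
# Defaults (retrans 5000 ms, retry 4) are the values stated in the post.
DEFAULT_RETRANS_MS = 5000
DEFAULT_RETRY = 4

# Constructed sample resolv.conf with three nameservers, as in the question.
SAMPLE_RESOLV_CONF = """\
domain example.com
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
"""
# Same file with the two tuning lines the reply suggests appended.
TUNED_RESOLV_CONF = SAMPLE_RESOLV_CONF + "retrans 3000\nretry 2\n"


def parse_resolv_conf(text):
    """Return (nameservers, retrans_ms, retry); missing keys take the defaults."""
    nameservers, retrans, retry = [], DEFAULT_RETRANS_MS, DEFAULT_RETRY
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        key, value = fields[0], fields[1]
        if key == "nameserver":
            nameservers.append(value)
        elif key == "retrans":
            retrans = int(value)
        elif key == "retry":
            retry = int(value)
    return nameservers, retrans, retry


def timeout_schedule_ms(retrans_ms, retry, nservers):
    """Per-attempt poll() timeouts per the reply: the first try uses retrans
    as is; each later try doubles the multiplier and divides by nservers."""
    schedule, multiplier = [retrans_ms], 1
    for _ in range(1, retry):
        multiplier *= 2
        schedule.append(retrans_ms * multiplier // nservers)
    return schedule


def failover_budget_ms(text):
    """Worst-case time spent retrying one unresponsive nameserver."""
    nameservers, retrans, retry = parse_resolv_conf(text)
    return sum(timeout_schedule_ms(retrans, retry, max(1, len(nameservers))))
```

With the defaults the schedule is 5000, 3333, 6666 and 13333 ms (about 28 s in total on a dead primary), while retrans 3000 / retry 2 cuts it to 3000 + 2000 ms.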