Stopping nfsmapid from querying DNS TXT records

With the introduction of NFSv4, user and group identifiers were changed to use the username@domain format. On Solaris hosts, the domain is determined using the following methods:

1. The NFSMAPID_DOMAIN variable is checked in /etc/default/nfs

2. DNS is queried for the _nfsv4idmapdomain TXT record

3. The configured DNS domain is used

4. The file /etc/defaultdomain is consulted

If a site doesn’t update the NFSMAPID_DOMAIN variable when deploying NFSv4, DNS will be queried for the domain to use. If the DNS server doesn’t contain a _nfsv4idmapdomain TXT record, you will see failed queries similar to the following:

host1 -> host2 ETHER Type=0800 (IP), size = 77 bytes
host1 -> host2 IP D=1.2.3.4 S=1.2.3.5 LEN=63, ID=19779, TOS=0x0, TTL=255
host1 -> host2 UDP D=53 S=52032 LEN=43
host1 -> host2 DNS C _nfsv4idmapdomain. Internet TXT ?
________________________________
host2 -> host1 ETHER Type=0800 (IP), size = 77 bytes
host2 -> host1 IP D=1.2.3.5 S=1.2.3.4 LEN=63, ID=26996, TOS=0x0, TTL=254
host2 -> host1 UDP D=52032 S=53 LEN=43
host2 -> host1 DNS R Error: 3(Name Error)

This can of course pose a problem for large sites, since the DNS server will be inundated with queries for records that don’t exist. If you want to stop these DNS queries from happening, you can add the domain to the NFSMAPID_DOMAIN variable in /etc/default/nfs. Shibby!

3 thoughts on “Stopping nfsmapid from querying DNS TXT records”

  1. Hello there, this is new thing for me. I am in basic administration of Unix. But gotta try this out. And as usual, this info is detailed as well.

    Anyways just a question regarding “chattr() equivalent command for Solaris”. You know chattr is used for making file undeletable or unupdatable or few other options are also there on Linux. Anyways can you suggest me the equvalent command for Solaris server. Especially on X86 machine?

    Regards,

  2. Just wanted to say thx! This fix just made for a happy DNS admin at my day job. Always nice to keep those guys smiling.

  3. This is no longer the preferred method in Solaris 11. sharectl should be used. The method listed here is correct for Solaris 10.

    Thanks for the informative post.

Leave a Reply

Your email address will not be published. Required fields are marked *