From: JTurner@hertz.com
Date: Thu Apr 03 2003 - 09:55:03 EST
Many thanks to the following (in the order received):
Mike Keighley
Rita Workman
Craig E. Johnson
Andy Cranston
Bill Hassell
Bob Vance
The long and short of it is that any binary linked with libc.1 will only
default to "continue" for UNAVAIL. For such binaries, NOTFOUND and
TRYAGAIN register as successes, so the search terminates. For our
environment, we will stick with:
hosts: files [NOTFOUND=continue TRYAGAIN=continue] dns
Individual replies follow as well as my original query.
=== Mike Keighley =================
I think the man page says it best. Although, one has to be careful not to
say "RTFM" *too* often around here <g> ...
nsswitch.conf(4) nsswitch.conf(4)
Applications linked with libc.1 will display different default actions
for NOTFOUND and TRYAGAIN. Applications linked with libc.1 will have
the switch search terminate if the Name Service returns a result of
NOTFOUND or TRYAGAIN.
This will be an issue for exisiting nsswitch.conf files that specify
name service lookup criteria that contains no <criterion> between
<source> entries.
Example: hosts: dns files
For applications linked with libc.1, the fallback to files will only
occur if DNS returns UNAVAIL. For all other applications, the
fallback to files will occur unless DNS returns SUCCESS.
For applications linked with libc.1 and other applications to have the
same behavior, a <criterion> must be specified between <source>.
For applications linked with libc.1 and other applications to have the
same behavior, a <criterion> must be specified between <source>.
For libc.1 behavior:
hosts: dns [NOTFOUND=return TRYAGAIN=return] files
For the default system behavior:
hosts: dns [NOTFOUND=continue TRYAGAIN=continue] files
--
Mike
=== Rita Workman =================
There is a default consideration...but if I recall it goes this way:
DNS NIS /etc/hosts
So it will continue by default on the above. In fact if the
nsswitch.conf was missing it would take the above action with the
default values of continue...yada yada yada.
But note that DNS is first and hostfile is the last consideration. So
when you create your nsswitch.conf file and then change the default
order to
files DNS NIS
..you now must put in the source direction considerations.
Hope that made sense, & hope you (we) all make it to Atlanta !
Rita
=== Craig E. Johnson =================
I always do it like this - seems to work:
hosts: files [NOTFOUND=continue] dns [NOTFOUND=continue] nis
Craig
=== Andy Cranston =================
Relying of default behaviour can be risky because the default behaviour
can
change without notice (e.g. after an OS upgrade or applying a set of patch
bundles). I would always be explicit. When you see:
hosts: files[NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] dns
in /etc/nsswitch.conf you know what should be happening and can diagnose
appropriately.
With just:
hosts: files dns
you have to think "what OS and version is this and what is the default
behaviour?" before you can begin to diagnose any problem.
Just my two (Euro) cents worth.
Regards,
Andy Cranston
=== Bill Hassell =================
>> I fear I may have misunderstood a recent reply from Bill Hassell
regarding
/etc/nsswitch.conf. I had always included a "continue" for not found,
unavail, and try again. I believe I read from Bill that the *default*
action was always to continue thus making the explicit continue directives
redundant.
That was straight from the man page. However, it appears that
the man page is wrong or the code isn't working as documented.
For reliability (and documentation) I would explicitly code
the NOTFOUND=continue option.
--
Best regards,
Bill Hassell
=== Bob Vance =================
It's different between 10.20 and 11.00.
Could that be your problem?
In any case, I always spell it out completely so that there is no doubt
and
as self documentation.
>From 10.20:
===============
man 4 switch
...
If no criteria is specified between two sources, then these default
actions are assigned to the statuses:
SUCCESS= return
NOTFOUND= return
UNAVAIL= continue
TRYAGAIN= return
...
This default implies that if one source returns a NOTFOUND, then trust it
that it does not exist and do not continue.
However, most people want to use hosts as a subset of DNS and would rather
have continue on a NOTFOUND.
from 11.00 and 11i:
============================================
man 4 nsswitch.conf
...
The default criteria are to continue on anything except SUCCESS; in
other words, [SUCCESS=return NOTFOUND=continue UNAVAIL=continue
TRYAGAIN=continue].
...
---
Tks
BV
Warm regards to all,
Jim
===========================
Jim Turner
Sr. UNIX Systems Programmer
The Hertz Corporation
"In the beginning of a change, the patriot is a scarce man and brave,
hated and scorned. When his cause succeeds however, the timid join him,
for then it costs nothing to be a patriot." --Mark Twain
----- Forwarded by Jim Turner/MIS/OKC/Hertz on 04/03/2003 08:32 AM -----
JTurner@hertz.com
Sent by: hpux-admin-owner@DutchWorks.nl
04/01/2003 09:13 AM
To:
hpux-admin@DutchWorks.nl
cc:
bcc:
Subject:
[HPADM] nsswitch.conf
Greetings fellow SysAdmins,
I fear I may have misunderstood a recent reply from Bill Hassell regarding
/etc/nsswitch.conf. I had always included a "continue" for not found,
unavail, and try again. I believe I read from Bill that the *default*
action was always to continue thus making the explicit continue directives
redundant. So I started putting only "hosts: files dns" in
/etc/nsswitch.conf, but alas that seems to cause problems, too. See my
mate's email below.
So which is it? I know it works that way in Linux, but is HP-UX
inconsistent?
Thanks as always,
Jim
=== The message ====================================
I was talking to Charles last week about his nsswitch file because he only
had the following information:
hosts: files dns
He stated that you said the NOTFOUND,,,, etc was not necessary and the
above file should work without problem. However, it does not. I used the
same entry in my nsswitch.conf on hpux64 and applications like software
distributor, ntpdate, etc, could not resolve hostnames. I then made my
file look like:
hosts: files[NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] dns
And life was good again. Conclusion, the NOTFOUND, UNAVAIL, statements
are necessary, taking the shortcut will only screw you.
Brent
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact
majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner:
owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse
only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:28 EDT