If resolv.conf exists on your NIS server - ypserv will always use DNS forwarding on Solaris.

This is a slightly edited reply of a recent posting on news about setting up your NIS master server. If /etc/resolv.conf exists ypserv will always start with the "-d" option - it does not matter what you do in /var/yp/Makefile (from the man page for ypserv on the "-d" option: go to the DNS (Domain Name Service) for more host information).

To make sure DNS forwarding is turned off

• use "B=" in /var/yp/Makefile
• edit /usr/lib/netsvc/ypstart so ypserv does not start with the "-d" option
• stop/start the nis-server using /usr/lib/netsvc/{ypstop|ypstart}
• use ps or pgrep to check that ypserv is not running with the "-d" option and also check that rpc.nisd_resolv isn't running

A snip from the news posting

ypserv is running with the '-d' option, which according to Answer Book means that it is running without DNS forwarding.

And my reply:

are you dead sure? have you checked ypserv actually does run without "-d" using ps? setting "B=" in /var/yp/Makefile does not prevent ypserv from starting with "-d" as long as /etc/resolv.conf exists (and nsswitch.conf does not matter either - see below). There are perfectly valid reasons for wanting the NIS master to be a "pure" DNS client (without using forwarding for your NIS clients) - ie you want to run nslookup. When setting up NIS servers I normally change the offending lines in /usr/lib/netsvc/ypstart from

if [ -f /etc/resolv.conf ]; then
$YPDIR/ypserv -d && echo ' ypserv\c'
else
$YPDIR/ypserv && echo ' ypserv\c'
fi

to simply

$YPDIR/ypserv && echo ' ypserv\c'

It's still there in Solaris 9 and Sun code maintainers should take note - if we change the "B=" in /var/yp/Makefile we want it to have effect :-|