If resolv.conf exists on your NIS server - ypserv will always use DNS forwarding on Solaris.
posted by hal 20030606
(archived)
initial version: 200300605.
This is a slightly edited version of my reply to a recent posting on news about setting up your NIS master server.
If /etc/resolv.conf exists, ypserv will always start with the "-d" option - it does not matter what you do in /var/yp/Makefile (from the man page for ypserv on the "-d" option: go to the DNS (Domain Name Service) for more host information).
To make sure DNS forwarding is turned off:
- use "B=" in /var/yp/Makefile
- edit /usr/lib/netsvc/ypstart so ypserv does not start with the "-d" option
- stop/start the nis-server using /usr/lib/netsvc/{ypstop|ypstart}
- use ps or pgrep to check that ypserv is not running with the "-d" option and also check that rpc.nisd_resolv isn't running
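The last two checks in the list above, written as a script. This is an added example, not part of the original post: the function names check_nis_forwarding and ypstart_forces_d are hypothetical, and the sample process lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Read process command lines on stdin (on the server: ps -e -o args).
# Print one finding per line; return 1 if DNS forwarding looks enabled.
check_nis_forwarding() {
    awk '
        { n = split($1, parts, "/"); name = parts[n] }   # basename of the command
        name == "ypserv" {
            seen = 1
            for (i = 2; i <= NF; i++)
                if ($i ~ /^-[A-Za-z]*d/) {               # -d alone or bundled, e.g. -vd
                    print "ypserv runs with -d: " $0; bad = 1; break
                }
        }
        name == "rpc.nisd_resolv" { print "rpc.nisd_resolv is running: " $0; bad = 1 }
        END {
            if (!seen) print "note: no ypserv process in the input"
            exit (bad ? 1 : 0)
        }'
}

# Print the non-comment lines of a start script ($1) that launch ypserv -d.
# Returns 0 if any such line exists, i.e. the script still needs editing.
ypstart_forces_d() {
    grep -n 'ypserv[[:space:]][[:space:]]*-d' "$1" | grep -v '^[0-9]*:[[:space:]]*#'
}

# Constructed sample process lists (not captured from a real host).
SAMPLE_ON='/usr/lib/netsvc/yp/ypserv -d
/usr/sbin/rpc.nisd_resolv
/usr/lib/netsvc/yp/ypbind'
SAMPLE_OFF='/usr/lib/netsvc/yp/ypserv
/usr/lib/netsvc/yp/ypbind'

printf '%s\n' "$SAMPLE_ON" | check_nis_forwarding || echo "=> DNS forwarding is enabled"
printf '%s\n' "$SAMPLE_OFF" | check_nis_forwarding && echo "=> DNS forwarding is off"
```

On the NIS server itself, feed the first function from ps -e -o args and pass the path of your ypstart script to the second.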
A snip from the news posting:
ypserv is running with the '-d' option, which according to Answer Book
means that it is running without DNS forwarding.
And my reply:
are you dead sure? have you checked ypserv
actually does run without "-d" using ps?
setting "B=" in /var/yp/Makefile does not prevent ypserv from starting
with "-d" as long as /etc/resolv.conf exists (and nsswitch.conf does
not matter either - see below).
There are perfectly valid reasons for wanting the NIS master to be a "pure"
DNS client (without using forwarding for your NIS clients) - i.e. you want to run nslookup.
When setting up NIS servers I normally
change the offending lines in /usr/lib/netsvc/ypstart from

    if [ -f /etc/resolv.conf ]; then
        $YPDIR/ypserv -d && echo ' ypserv\c'
    else
        $YPDIR/ypserv && echo ' ypserv\c'
    fi

to simply

    $YPDIR/ypserv && echo ' ypserv\c'

It's still there in Solaris 9 and Sun code
maintainers should take note - if we change the "B=" in /var/yp/Makefile
we want it to have effect :-|
Hands-off (non-interactive) Solaris package removal - example using old Gnome packages.
posted by hal 20030211
(archived)
initial version: 20030210
Having to answer lots of yes/no questions on package dependencies is a pain when doing Solaris package administration; so here is a quick how-to on how to avoid the questions. First create /tmp/noask with the following contents (edited copy of /var/sadm/install/admin/default):
mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
Then execute something like this to remove the old Gnome packages before installing the new Sun supported 2.0 version (remove-gnome from the 2.0 beta script failed for me):

    # remove every package whose pkginfo line mentions gnome, without prompting
    for p in `pkginfo | grep -i gnome | sort | awk '{print $2}'`
    do
        pkgrm -n -a /tmp/noask "$p"
    done

Solaris Guide for New Sys Admins - updated: half of our suggestions included.
posted by hal 20030205
(archived)
initial version: 20030205
"The Solaris OE Guide for New System Administrators" by Rolf Kersten has been updated to version 1.13e. Around half of my suggestions for improvement are included. My main gripes are fixed, but I still think turning on UFS logging is vital.
We also got mentioned in Sun's BigAdmin Newsletter (mailing list):
Solaris OE Guide for New System Administrators has been updated. Special thanks to Hal at sundot.com for his input.
Quick how-to on setting up Sun eeprom aliases for alternative boot disks.
posted by hal 20030125
(archived)
initial version: 20030125.
This is just a quick reference. The information is fleshed out further in several Sun Blueprints with the string "boot disk" contained in the title (e.g. "Towards a Reference Configuration for VxVM Managed Boot Disks" - where the cat ./myaliases trick is found).
The alias names are different in the various BluePrints - some use "rootdisk/rootmirror" and others use "bootdisk/bootmirr". It does not really matter as long as it is obvious what the alias is for.
# ls -l /dev/dsk/c0t0d0s2
lrwxrwxrwx 1 root root 41 Jan 20 18:15 /dev/dsk/c0t0d0s2 ->
../../devices/pci@1f,4000/scsi@3/sd@0,0:c
# ls -l /dev/dsk/c2t0d0s2
lrwxrwxrwx 1 root root 40 Jan 20 18:15 /dev/dsk/c2t0d0s2 ->
../../devices/pci@4,4000/scsi@4/sd@0,0:c
# cat myaliases
devalias rootdisk /pci@1f,4000/scsi@3/disk@0,0
devalias rootmirror /pci@4,4000/scsi@4/disk@0,0
#
# eeprom nvramrc="`cat ./myaliases`"
# eeprom boot-device='rootdisk rootmirror'
# eeprom diag-device='rootdisk rootmirror'
# eeprom "use-nvramrc?=true"
Solaris Guide for New Sys Admins - useful guide for newbies, but contains errors.
posted by hal 20030116
(archived)
initial version: 20030109
"The Solaris(TM) OE Guide for New System Administrators" by Rolf Kersten has been front page stuff on Sun's bigadmin site for a while now and claims to contain the "20% of Solaris knowledge that solves 80% of your needs". A new version (1.12e) is out and these notes refer to this one.
20030116: got an email from Rolf today and (some of) my suggested changes will be incorporated into the next version.
First let me just say that it is a good reference document with overall sound advice (37 pages of it). I am sure it will be of great help to new admins or people moving up from Linux. It is geared towards administrators of Solaris workstations (big sections on CDE and OpenGL).
I especially like the book recommendations, which contain only two books - Unix Power Tools and the Unix System Administration Handbook. The chapter on graphics is very useful for admins who normally deal with headless servers.
I think there is plenty of room for improvement:
- section 1.4.5 on disabling network interface error messages mentions "setenv tpe_link test false". Firstly, it is not good practice to turn off the link test just to make valid informational messages disappear (ifconfig unplumb interface is a better option); secondly, the correct statement is "setenv tpe-link-test? false". I would remove the whole section.
- section 2.2 on disk partitions: Rolf Kersten recommends using 1 cylinder for the DiskSuite metadatabases. That's what I was doing until I read Sun's "Configuring Boot Disks With Solaris[tm] Volume Manager Software (October 2002)". This blueprint recommends 30 mb (which will probably be more than one cylinder). Each state database replica is now 4Mb (Solaris 9) and that is probably why the size recommendation has been increased. You might as well start using the 30 mb recommendation - Solaris will round up the 30mb to the nearest cylinder boundary and 30 mb is peanuts.
- section 2.5.5 on tapes: ufsdump really should be mentioned for backups
(tar is quick and dirty; it also has pitfalls like problems restoring tapes written with absolute paths).
- section 2.7 on SDS: again I refer to the blueprint. In a mirrored two disk configuration (common on a small web server or a workstation) do not create 3 state replicas on one disk and 4 on the other one. Instead create 2 replicas on each disk and add the following line (to disable the quorum rule) to /etc/system:

    set md:mirrored_root_flag=1

  Note: only do this in a 2 disk configuration.
- section 8.1 on /etc files: the hostname is also found in
/etc/net/{ticlts,ticots,ticotsord}/hosts and potentially in /etc/inet/ipnodes (>=Solaris 8). If changing the ip-address do check/update /etc/defaultrouter, /etc/netmasks, /etc/resolv.conf and the nis servers in /etc/hosts as well.
- section 8.1 on /etc files: Rolf uses an example of an Ultra 60 workstation named "u60". New system administrators should not be encouraged to name any machine in this manner (or by any scheme which involves site names, room numbers, hardware types etc. Schemes which always seem to be favoured by Microserfs). New unix system administrators should instead first read "Choosing a Name for Your Computer" and then call their workstation something like balder, pippin or eel instead.
- 8.6 on setting up a DNS client: the search yourdomain.com is normally included in /etc/resolv.conf.
- 8.9.10 on setting up network interface properties: the ndd -set sequence is wrong. First you set the capabilities, then you turn off auto negotiation (this is a very common mistake). The sequence is clearly documented for all network interfaces I have come across, including the eri driver. Failing to configure in this sequence might leave you with unexpected settings for your ethernet interface. See also my posting on setting and checking ethernet interface settings.
- UFS file system logging should be turned on. There is no reason not to - especially now that Sun has announced that for Solaris 9 12/02 "the performance of UFS logging improves or exceeds the level of performance of non-logging file systems".
A few other things worth mentioning (hints and personal preferences):
- section 1.1 on OK prompt: you type go at the ok prompt. Although Go and GO actually both work (at least on the machine I tested it on), it's better to get in the habit of using all lowercase at the ok prompt.
- 2.6 on cloning: judging by the links in /usr/platform (Solaris 8 and 9) I do think you can clone an Ultra10 to an Ultra60 (they both point to Ultra1). I have cloned an Ultra2 to an Ultra1 Creator without any adverse effects.
- 2.7 on mirroring: I do not like Rolf's naming scheme for the metadevices (d54 for the root filesystem?). For small systems I prefer names like d10 (first mirror) and d20 (second mirror) for the submirrors of d0 (being the root file system).
- 4.1 on installation: the statement that unless you install Entire+OEM "only drivers for hardware present in the system would be installed" is simply not true. The package differences between "Entire+OEM" and "Entire" are minimal - in fact for Solaris 9 it is just 2 packages (2 files: /kernel/misc/sparcv9/phx and /kernel/misc/phx - you have to wonder why Sun doesn't just bundle it all in a package called "Entire" and get rid of the confusing OEM cluster).
- 7.3 on hosts file and sendmail: I add "127.0.0.1 localhost localhost.localdomain" to /etc/inet/hosts.
- 8.4 on default router: (strictly informational) you can have more than one defaultrouter in /etc/defaultrouter.
- 10.5 on web browser: the Netscape Navigator used in Solaris 8 is pretty crippled (when it comes to CSS support among other things).
Download a newer version (or get Opera/Mozilla).
- 11.1 on top 3 hints: C-shell - don't use it at all would be my tip ;-). Use ksh.
- Gnome should possibly be mentioned.