Skip to main content

Configure DNS services (ONTAP 9.8 and later)

Contributors netapp-barbe netapp-aherbin
PDFs

You must configure DNS services for the SVM before creating an NFS or SMB server. Generally, the DNS name servers are the Active Directory-integrated DNS servers for the domain that the NFS or SMB server will join.

About this task

Active Directory-integrated DNS servers contain the service location records (SRV) for the domain LDAP and domain controller servers. If the SVM cannot find the Active Directory LDAP servers and domain controllers, NFS or SMB server setup fails.

SVMs use the hosts name services ns-switch database to determine which name services to use and in which order when looking up information about hosts. The two supported name services for the hosts database are files and dns.

You must ensure that dns is one of the sources before you create the SMB server.

Note To view the statistics for DNS name services for the mgwd process and SecD process, use the Statistics UI.
Steps

  1. Determine what the current configuration is for the hosts name services database. In this example, the hosts name service database uses the default settings.

    vserver services name-service ns-switch show -vserver vs1 -database hosts

    Vserver: vs1
Name Service Switch Database: hosts
Vserver: vs1 Name Service Switch Database: hosts
Name Service Source Order: files, dns

  2. Perform the following actions, if required.

    1. Add the DNS name service to the hosts name service database in the desired order, or reorder the sources.

      In this example, the hosts database is configured to use DNS and local files in that order.

      vserver services name-service ns-switch modify -vserver vs1 -database hosts -sources dns,files

    2. Verify that the name services configuration is correct.

      vserver services name-service ns-switch show -vserver vs1 -database hosts

      Vserver: vs1
Name Service Switch Database: hosts
Name Service Source Order: dns, files

  3. Configure DNS services.

    vserver services name-service dns create -vserver vs1 -domains example.com,example2.com -name-servers 10.0.0.50,10.0.0.51

    Note The vserver services name-service dns create command performs an automatic configuration validation and reports an error message if ONTAP is unable to contact the name server.

  4. Verify that the DNS configuration is correct and that the service is enabled.

    Vserver: vs1
Domains: example.com, example2.com Name Servers: 10.0.0.50, 10.0.0.51
Enable/Disable DNS: enabled Timeout (secs): 2
Maximum Attempts: 1

  5. Validate the status of the name servers.

    vserver services name-service dns check -vserver vs1

Vserver  Name Server  Status  Status Details
vs1      10.0.0.50    up      Response time (msec): 2
vs1      10.0.0.51    up      Response time (msec): 2

Configure dynamic DNS on the SVM

If you want the Active Directory-integrated DNS server to dynamically register the DNS records of an NFS or SMB server in DNS, you must configure dynamic DNS (DDNS) on the SVM.

Before you begin

DNS name services must be configured on the SVM. If you are using secure DDNS, you must use Active Directory-integrated DNS name servers and you must have created either an NFS or SMB server or an Active Directory account for the SVM.

About this task

The specified fully qualified domain name (FQDN) must be unique:

The specified fully qualified domain name (FQDN) must be unique:

  • For NFS, the value specified in -vserver-fqdn as part of the vserver services name-service dns dynamic-update command becomes the registered FQDN for the LIFs.

  • For SMB, the values specified as the CIFS server NetBIOS name and the CIFS server fully qualified domain name become the registered FQDN for the LIFs. This is not configurable in ONTAP. In the following scenario, the LIF FQDN is "CIFS_VS1.EXAMPLE.COM":

    cluster1::> cifs server show -vserver vs1

                                          Vserver: vs1
                         CIFS Server NetBIOS Name: CIFS_VS1
                    NetBIOS Domain/Workgroup Name: EXAMPLE
                      Fully Qualified Domain Name: EXAMPLE.COM
                              Organizational Unit: CN=Computers
Default Site Used by LIFs Without Site Membership:
                                   Workgroup Name: -
                                   Kerberos Realm: -
                             Authentication Style: domain
                CIFS Server Administrative Status: up
                          CIFS Server Description:
                          List of NetBIOS Aliases: -
Note To avoid a configuration failure of an SVM FQDN that is not compliant to RFC rules for DDNS updates, use an FQDN name that is RFC compliant. For more information, see RFC 1123.
Steps

  1. Configure DDNS on the SVM:

    vserver services name-service dns dynamic-update modify -vserver vserver_name -is- enabled true [-use-secure {true|false} -vserver-fqdn FQDN_used_for_DNS_updates

    vserver services name-service dns dynamic-update modify -vserver vs1 -is-enabled true - use-secure true -vserver-fqdn vs1.example.com

    Asterisks cannot be used as part of the customized FQDN. For example, *.netapp.com is not valid.

  2. Verify that the DDNS configuration is correct:

    vserver services name-service dns dynamic-update show

    Vserver  Is-Enabled Use-Secure Vserver FQDN      TTL
-------- ---------- ---------- ----------------- -------
vs1      true       true       vs1.example.com   24h