Troubleshoot name service issues

Contributors

When clients experience access failures due to name service issues, you can use the vserver services name-service getxxbyyy command family to manually perform various name service lookups and examine the details and results of the lookup to help with troubleshooting.

About this task
  • For each command, you can specify the following:

    • Name of the node or storage virtual machine (SVM) to perform the lookup on.

      This enables you to test name service lookups for a specific node or SVM to narrow the search for a potential name service configuration issue.

    • Whether to show the source used for the lookup.

      This enables you to check whether the correct source was used.

  • ONTAP selects the service for performing the lookup based on the configured name service switch order.

  • These commands are available at the advanced privilege level.

Steps
  1. Perform one of the following actions:

    [cols="2*",options="header"]
    |===
    | To retrieve the...| Use the command...
    a|
    IP address of a host name
    a|
    `vserver services name-service getxxbyyy getaddrinfo`     `vserver services name-service getxxbyyy gethostbyname` (IPv4 addresses only)
    a|
    Members of a group by group ID
    a|
    `vserver services name-service getxxbyyy getgrbygid`
    a|
    Members of a group by group name
    a|
    `vserver services name-service getxxbyyy getgrbyname`
    a|
    List of groups a user belongs to
    a|
    `vserver services name-service getxxbyyy getgrlist`
    a|
    Host name of an IP address
    a|
    `vserver services name-service getxxbyyy getnameinfo`     `vserver services name-service getxxbyyy gethostbyaddr` (IPv4 addresses only)
    a|
    User information by user name
    a|
    `vserver services name-service getxxbyyy getpwbyname`     You can test name resolution of RBAC users by specifying the `-use-rbac` parameter as `true`.
    a|
    User information by user ID
    a|
    `vserver services name-service getxxbyyy getpwbyuid`
    You can test name resolution of RBAC users by specifying the `-use-rbac` parameter as `true`.
    a|
    Netgroup membership of a client
    a|
    `vserver services name-service getxxbyyy netgrp`
    a|
    Netgroup membership of a client using netgroup-by-host search
    a|
    `vserver services name-service getxxbyyy netgrpbyhost`
    |===
    The following example shows a DNS lookup test for the SVM vs1 by attempting to obtain the IP address for the host acast1.eng.example.com:
    ----
    cluster1::*> vserver services name-service getxxbyyy getaddrinfo -vserver vs1 -hostname acast1.eng.example.com -address-family all -show-source true
    Source used for lookup: DNS
    Host name: acast1.eng.example.com
    Canonical Name: acast1.eng.example.com
    IPv4: 10.72.8.29
    ----
    The following example shows a NIS lookup test for the SVM vs1 by attempting to retrieve user information for a user with the UID 501768:
    ----
    cluster1::*> vserver services name-service getxxbyyy getpwbyuid -vserver vs1 -userID 501768 -show-source true
    Source used for lookup: NIS
    pw_name: jsmith
    pw_passwd: $1$y8rA4XX7$/DDOXAvc2PC/IsNFozfIN0
    pw_uid: 501768
    pw_gid: 501768
    pw_gecos:
    pw_dir: /home/jsmith
    pw_shell: /bin/bash
    ----
    The following example shows an LDAP lookup test for the SVM vs1 by attempting to retrieve user information for a user with the name ldap1:
    ----
    cluster1::*> vserver services name-service getxxbyyy getpwbyname -vserver vs1 -username ldap1 -use-rbac false -show-source true
    Source used for lookup: LDAP
    pw_name: ldap1
    pw_passwd: {crypt}JSPM6yc/ilIX6
    pw_uid: 10001
    pw_gid: 3333
    pw_gecos: ldap1 user
    pw_dir: /u/ldap1
    pw_shell: /bin/csh
    ----
    The following example shows a netgroup lookup test for the SVM vs1 by attempting to find out whether the client dnshost0 is a member of the netgroup lnetgroup136:
    ----
    cluster1::*> vserver services name-service getxxbyyy netgrp -vserver vs1 -netgroup lnetgroup136 -client dnshost0 -show-source true
    Source used for lookup: LDAP
    dnshost0 is a member of lnetgroup136
    ----
  2. Analyze the results of the test you performed and take the necessary action.

    If the…​ Check the…​

    Host name or IP address lookup failed or yielded incorrect results

    DNS configuration

    Lookup queried an incorrect source

    Name service switch configuration

    User or group lookup failed or yielded incorrect results

    Name service switch configuration Source configuration (local files, NIS domain, LDAP client)

    Network configuration (for example, LIFs and routes)

    Host name lookup failed or timed out, and the DNS server does not resolve DNS short names (for example, host1)

    DNS configuration for top-level domain (TLD) queries You can disable TLD queries using the -is-tld-query-enabled false option to the vserver services name-service dns modify command.

Related information