What are _nfsv4idmapdomain DNS errors?


#1

In an NFS environment it is common to see DNS errors for: _nfsv4idmapdomain. It also usually shows up with the company domain attached at the end.

With the introduction of NFSv4, user and group identifiers were changed to use the username@domain format. On a Solaris system, the following methods are used to determine this information:

The NFSMAPID_DOMAIN variable is checked in /etc/default/nfs
DNS is queried for the _nfsv4idmapdomain TXT record
The configured DNS domain is used
The file /etc/defaultdomain is consulted

If a site doesn’t update the NFSMAPID_DOMAIN variable when deploying NFSv4, DNS will be queried for the domain to use. If the DNS server doesn’t contain a _nfsv4idmapdomain TXT record, you will see failed queries. This can, of course, pose a problem for large sites, since the DNS server will be inundated with queries for records that don’t exist.

To correct this problem the following can be done:

On Solaris: Set the NFSMAPID_DOMAIN variable in /etc/default/nfs to the proper qualified domain.
On Linux (RedHat): Check the settings in the /etc/idmapd.conf configuration file. By default this should be set in the [General] section to: Domain = localdomain, which, on a properly configured system, should use the local domain that has been specified in the system configuration settings. This variable can be changed to use another domain if required.
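
A quick audit of the two files named above, as an added example that is not part of the original post: it reports whether a Solaris host has NFSMAPID_DOMAIN set (and so will not fall through to the _nfsv4idmapdomain TXT query) and which Domain a Linux host has in the [General] section. The function names and the optional root-directory argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report where a host gets its NFSv4 ID-mapping domain.
# Each function takes an optional root directory (hypothetical argument) so
# it can be run against a copy of a host's /etc; the default is the live system.

# Solaris: print the uncommented NFSMAPID_DOMAIN value from etc/default/nfs.
solaris_nfsmapid_domain() {
    f="${1:-}/etc/default/nfs"
    [ -r "$f" ] || return 1
    v=$(awk -F= '/^[ \t]*NFSMAPID_DOMAIN=/ { v = $2; sub(/[ \t#].*$/, "", v) }
                 END { if (v != "") print v }' "$f")
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Solaris: "file:<domain>" when the variable is set, otherwise "dns-fallback",
# meaning the host moves on to the _nfsv4idmapdomain TXT lookup.
solaris_idmap_status() {
    if d=$(solaris_nfsmapid_domain "${1:-}"); then
        printf 'file:%s\n' "$d"
    else
        printf 'dns-fallback\n'
    fi
}

# Linux: print the Domain value from the [General] section of etc/idmapd.conf,
# ignoring commented lines and Domain keys in any other section.
linux_idmapd_domain() {
    f="${1:-}/etc/idmapd.conf"
    [ -r "$f" ] || return 1
    v=$(awk '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*Domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); d = $0 }
        END { if (d != "") print d }' "$f")
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Run against the live system, or against a copy by exporting ROOT=/path/to/copy.
echo "Solaris /etc/default/nfs: $(solaris_idmap_status "${ROOT:-}")"
echo "Linux /etc/idmapd.conf:   $(linux_idmapd_domain "${ROOT:-}" || echo 'Domain not set')"
```

Hosts that report dns-fallback are the ones generating the failed _nfsv4idmapdomain queries on the DNS server.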