Procedure 13: verifying access to the domain name servers
You may need to ensure that the security library can resolve host IP addresses and names to the correct host name equivalent through a name server.
- Purpose:
- To ensure that the security library can resolve host IP addresses
and names to the correct host name equivalent through a name server.
The inability to contact a domain name server can inject significant performance degradation to the host based authentication mechanism, and can inject problems into the authentication process.
- Instructions:
- If the cluster nodes are not making use of name servers, skip
this procedure. Verify that both nodeA and nodeB can
access the name servers discovered in Procedure 11: verifying domain name service setup by issuing a ping command
from each system to the name servers. For example:
ping -c1 9.199.1.1
ping -c1 129.90.77.1 - Verifying the diagnostic:
- If the name server can be reached, you will get results similar
to the following:
PING 9.114.1.1: (9.199.1.1): 56 data bytes
64 bytes from 9.199.1.1:icmp_seq=0 ttl=253 time=1 ms
----9.199.1.1 PING Statistics----
1 packets transmitted, 1 packets received, 0% packet loss round-trip
min/avg/max = 1/1/1 msIf the name server cannot be reached, an error message will be displayed:
PING 9.114.1.1: (9.199.1.1): 56 data bytes
----9.199.1.1 PING Statistics----
1 packets transmitted, 0 packets received, 100% packet loss - Failure actions:
- Verify that the correct name or address is being used for the domain name server. Troubleshoot the network connectivity between any failing node and the name server. Consider changing to a backup or alternate name server.
- Next diagnostic procedure:
- None.