Re: Multisubnet NIS slave options

[Matthew Crosby <mcrosby@marthon.org>]

On Mon, 29 Jan 2001, William LeFebvre wrote:

> "Shane B. Milburn" wrote:
> > 2. Use the "-ypset" option on the clients to allow them
> >    to bind across the router. We have about 60 machines
> >    per subnet so I'm not sure how this would affect the
> >    router.
> 
> Don't use -ypset.  If you have to do this, use -ypsetme.  But even that is
> living dangerously.  (Of course just using NIS is living dangerously.... 
> :-) )
> 
> Most modern NIS implementations allow you to specify a list of servers that
> a client can bind to.  This list is in
> /var/yp/binding/<domainname>/ypservers.  Each host listed there must also be
> listed in /etc/hosts (since NIS isn't yet working when the binding takes
> place, the servers MUST be listed in the host file).  You should be able to
> list the main server in every client's ypservers file.  This should allow
> the clients to bind through a router.  Check "man ypbind" to see if your
> ypbind allows for this.  And once the upservers file is in place, make sure
> that the startup scripts do NOT invoke ypbind with the -broadcast switch.  

This is true, but one little caveat:  We have found, at least under Solaris,
that Solaris versions prior to 8 have problems with failing over with
explicitly specified ypservers.  In that, they take a looong time (up to
5 minutes when I last did benchmarks).  Sun has fixed it in 8, and supposedly
a recent patch of 7 fixes it, but we still have a large 2.5.1 plant.  So,
much to our distress, (and to the security group's even bigegr disstress :-( ),
we are still running with broadcast in most cases.

However, if you can live with the failover issues, this really is the best
solution.