# which named
/usr/sbin/named
# /usr/sbin/named -?
usage: named [-4|-6] [-c conffile] [-d debuglevel] [-f|-g]
[-n number_of_cpus] [-p port] [-s]
[-t chrootdir] [-u username]
[-m {usage|trace|record|size|mctx}]
The diagnostic options (-d, -f, -g, -s and -m) are irrelevant here.
The above options which could be initially more relevant are highlighted.
Fortunately, there are associated SMF properties to manipulate them.
Both man pages and on-line documentation are complementary.
Thus, also check Managing DNS (Tasks).
In fact, the -4 isn't that important after all.
By default, both IPv4 and IPv6 transports are used.
If IPv6 isn't being used as it's most probably still the case, disable it.
This is addressed by the -4 equivalent on options/ip_interfaces.
# svcprop -p options/ip_interfaces dns/server:default
all
# svccfg -s dns/server:default
...> setprop options/ip_interfaces = "IPv4"
...> refresh
...> exit
# svcprop -p options/ip_interfaces dns/server:default
IPv4
NOTE
The -u option may be useful for additional security.NOTE
Not running a daemon as root is at least a good practice.
For robustness it's better to use a local user account.
This avoids dependency on any directory service.
Note that /var/run/named is the default directory,
and in many circumstances there are dependencies on this
which requires a great deal of specific administration efforts.
This by exception administration is error prone and unreliable.
It's better to rely on immutable zones to mitigate security issues.
This is a unique feature of Solaris 11!
The -t option isn't really of concern in face of immutable zones.
When rebooting a DNS server (or some other service) on immutable zones for maintenance, in addition to the -w (read-write mode) option also use the -s (single-user mode) option with the boot or reboot zoneadm subcommands.
gz# zoneadm -z dns-1 shutdown
gz# zoneadm -z dns-1 boot -w -s
or perhaps
gz# zoneadm -z dns-1 reboot -w -- -s
