× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2016

RE: "3 out of 4 IBM i machines I work on do not have DNS servers specified" Why not?

We don't use it (DNS SERVER on IBM i) and recommend our customers do not use
it for the security issues. It will not pass an audit as discussed earlier
(BIND responses show old versions that fail audits).

Linux-based DNS servers are easier to manage and can be easily replicated.
The boxes are cheap so you get easy redundancy, and DNS requires multiple
boxes for reliability, of course. Configuring multiple Linux BIND instances
is way easier than one IBM i instance and then Linux instances.

The i should use DNS for resolution, and have a setting for appropriate DNS
servers in CFGTCP. It should just be from OTHER DNS servers in the
enterprise, when security is an issue at all.

Ira Chandler
Curbstone Corporation


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Booth
Martin
Subject: Re: "3 out of 4 IBM i machines I work on do not have DNS servers
specified" Why not?

Thus my question. If 3 out of 4 IBM i Series machines are not enabling
their DNS, there must be a compelling reason. Is that reason reluctance,
fear, and generally not understanding what the DNS feature offers a typical
iSeries shop? Is it technically challenging with so little benefit as to
not be worth the candle? Is it something else?

I have been looking at enabling the DNS on a development box that is on an
Intranet and playing around with it. All the reading so far suggests that
it is possible, confusing but not complicated, and beneficial. None of
what I have seen so far would keep 3 out of 4 shops from using the feature.
In other words the words do not support the facts on the ground. So...
what am I not seeing? What is the rest of the story?


On 12/8/2016 7:11 PM, DrFranken wrote:
No No No. The correct answer is installing a faster DNS. DNS should be
Secure, light, quick, reliable. And of course all of that means it
needs to be properly implemented!

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.