Re: z/OS TCP/IP question: name resolution order/override

2016-09-22 Thread Phil Smith
Charles Mills wrote: > Do you "own" the target host? Can you issue your own SSL/TLS server certificate? >Because you can issue a certificate for an IP address as well as for a name (or for both one or two names and one or two addresses). Cute feature: with a name, you can wildcard the high order

Re: z/OS TCP/IP question: name resolution order/override

2016-09-22 Thread Charles Mills
September 21, 2016 4:49 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: z/OS TCP/IP question: name resolution order/override Paul Gilmartin wrote: > In the interim, could they just use the IP address? No, it's an SSL (TLS) connection. Need to add

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Rob Schramm
Easy. There is a directive to either do DNS first or Local first. Previous poster LOOKUP. Use local first if you want faster resolution for chatty DNS apps.. like Websphere. Convert to COMMONSEARCH to get unix, STC/TSO to resolve the same. Rob Schramm On Wed, Sep 21, 2016, 7:07 PM Paul

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Paul Gilmartin
On Wed, 21 Sep 2016 19:06:08 -0500, Paul Gilmartin wrote: >> >Someone once told me how to start a ssh client to work as >a NAT for AT/TLS. Tried it. Sort of worked. Didn't pursue >it because I didn't need it. And my ssh client was on a laptop >not subject to enterprise security. > Oops.

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Paul Gilmartin
On Wed, 21 Sep 2016 16:48:37 -0700, Phil Smith wrote: >Paul Gilmartin wrote: >> In the interim, could they just use the IP address? > >No, it's an SSL (TLS) connection. Need to address by hostname. > Someone once told me how to start a ssh client to work as a NAT for AT/TLS. Tried it. Sort of

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Phil Smith
Paul Gilmartin wrote: > In the interim, could they just use the IP address? No, it's an SSL (TLS) connection. Need to address by hostname. > Or choose a friendly nameserver in /etc/resolv.conf? Hm? The host isn't *in* DNS, or is in wrong. That's the problem.

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Tony Harminc
On 21 September 2016 at 18:40, Phil Smith wrote: > I had some vague idea that on z/OS, the Resolver can use some or all of: > > 1. DNS > > 2. Its own configuration data sets, via GLOBALIPNODES statements > > 3. /etc/hosts > > I just spent some time looking at IBM

Re: z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Paul Gilmartin
On Wed, 21 Sep 2016 15:40:24 -0700, Phil Smith wrote: > >What I'm really looking for is a way for a user-possibly a sysprog-to define >or override a hostname-to-IP mapping to test something. We keep coming across >customer systems that don't have a DNS entry for a server that uses SSL (TLS),

z/OS TCP/IP question: name resolution order/override

2016-09-21 Thread Phil Smith
I had some vague idea that on z/OS, the Resolver can use some or all of: 1. DNS 2. Its own configuration data sets, via GLOBALIPNODES statements 3. /etc/hosts I just spent some time looking at IBM doc, and what I found seems to support this. What I couldn't seem to grok was