Scott,

Scott Klement wrote:


You are correct and Scott was a little strong on his opinion there. While it is not REQUIRED to have your system's name and IP address in its own host table for things to work correctly, it is usually the case. The only time it works well NOT to have the name in there is if DNS is set up to include the proper entries. Servers such as *SMTP *MGTC *HTTP(ADMIN) and others need to know that the name being used resolves to an IP address that is on the system. Without this, "Unpredictable (but predictably bad) results will occur."


I can see why that would be needed for e-mail. The other thing it might be useful for is verifying digital certificates. I don't see why you'd need it for HTTP or MGTC.

The problem is that certain servers on the iSeries when they start up check to see where they are running. They look at the information set with CHGTCPDMN (CFGTCP option 12) to determine the FQDN for the system. They then make appropriate TCP calls to resolve that name to an IP address. The address returned is then checked to see if that IP address is local to the system the server is starting on. If not, they will sometimes not start or in other cases not operate properly. This problem is the #1 reason for these servers to fail to start or run properly.



But frankly, if you're using the HOST TABLE to verify digital certificates, or route e-mail, something is very wrong.

Not to route email, just for the server to know that www.xyzdomain.com does in fact live on THIS server. If that cannot be verified then OS/400's SMTP server will never accept mail for the domain because it does not believe that it should.



With e-mail, it means that you have to define every mail server and destination system in your host table for the entire world. And keep it up to date!

Not recommended by me or anyone I know. In fact, since you cannot put MX records into the iSeries hosts table, you can't use hosts tables for email anyway.


Why wouldn't you just set up DNS?

Absolutely. There are only two situations where I routinely utilize the HOSTS table on OS/400. 1) What we are discussing here to make sure that OS/400 knows its own IP Address and 2) Anynet names such as myas500.appn.sna.ibm.com since creating an ibm.com domain for this in your DNS server is nearly certain to cause 'seriously unpredictable results.'



For digital certificates, what you're doing is bypassing the security checks. It's not REALLY validating the certificate, because you could set any value you wanted in the host table whether it's correct or not. It would be more of a workaround to avoid proper validation than anything else.


I maintain that it's a very bad idea.

I agree


Also, none of this relates to FTP, which was the question. When FTP data channels are established, it's the IP address that's sent with the PORT command, or as a response to the PASV command. Not the domain name. So DNS/HOST lookup will NOT cause a data channel connection to fail -- which is clearly what's failing.

Agreed. I wasn't responding to this issue specifically, rather the insinuation that the HOSTS table should never be used.


Hopefully this clears it up at least a little.

 - Larry

--
Larry Bolhuis IBM eServer Certified Systems Expert:
Vice President iSeries Technical Solutions V5R2
Arbor Solutions, Inc. iSeries LPAR Technical Solutions V5R2
1345 Monroe NW Suite 259 iSeries Linux Technical Solutions V5R2
Grand Rapids, MI 49505 iSeries Windows Integration Technical Solutions V5R2
IBM eServer Certified Systems Specialist
(616) 451-2500 iSeries System Administrator for OS/400 V5R2
(616) 451-2571 - Fax AS/400 RPG IV Developer
(616) 260-4746 - Cell iSeries System Command Operations V5R2


If you can read this, thank a teacher....and since it's in English, thank a soldier.
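
The startup check described in the message above (resolve the configured FQDN, then confirm the returned address is local to the system) can be reproduced as a pre-flight test. This Python sketch is an added example, not part of the original message and not IBM's code; the host names, addresses and function names are constructed assumptions.

```python
import ipaddress
import socket

# Constructed sample data (not from the original message).
SAMPLE_HOSTS_TABLE = """\
# constructed host table entries
192.0.2.10   myas400.example.com  myas400
127.0.0.1    localhost
"""
SAMPLE_LOCAL_ADDRS = {"192.0.2.10", "127.0.0.1"}


def parse_hosts_table(text):
    """Return {lowercased name: [ip, ...]} from hosts-file style text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(ip)
    return table


def system_resolve(name):
    """Resolve through the OS resolver (host table and/or DNS); [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_self_resolution(fqdn, local_addrs, resolve=system_resolve):
    """Classify fqdn the way the described startup check would see it."""
    resolved = resolve(fqdn)
    if not resolved:
        return ("UNRESOLVED", [])  # name is in neither host table nor DNS
    local = {str(ipaddress.ip_address(a)) for a in local_addrs}
    hits = [ip for ip in resolved if ip in local]
    if not hits:
        return ("NOT_LOCAL", resolved)  # resolves, but to another system
    return ("OK", hits)
```

Pass the addresses actually configured on the system's interfaces as `local_addrs`; a `NOT_LOCAL` or `UNRESOLVED` result corresponds to the condition under which the message says servers fail to start or misbehave.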





This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
