RE: i5 DNS server - replacing PC host table entries

["Wilt, Charles" <WiltC@xxxxxxxxxx>]

John,

Just out of curiosity, have you tried accessing the corporate DNS servers?

I've never heard of anybody "securing" a DNS server from use.  Protected from updates sure, but not
queries.  Although looking at the manual, it is possible....I just don't really see the sense.  For an
internal server, why would you allow somebody on your network, but not access the DNS?

Ideally, your DNS servers would forward all request for anything other than ourdivision.com to the
corporate DNS servers.  

Otherwise....loading a given list of A records is equivalent to pre-loading the DNS cache on your
server....I think, though honestly I couldn't find any information about doing so <grin>

Can you just add an A record?  I didn't think you could....but this page has me wondering....
http://publib.boulder.ibm.com/pubs/html/as400/v4r5/ic2924/index.htm?info/RZAISCONVERTH.HTM

or http://tinyurl.com/4mppe6


(from Converting host table entries to DNS)
Suppose that an AS/400 host table contained these entries: 

       10.110.42.1     host1
       10.110.42.2     host2.mycompany.com
                           host2alias.mycompany.com
       10.110.42.3     host3.mycompany.com.
       10.110.69.1     host4.mycompany.com
       10.110.69.2     host5.othercompany.com.

host5.othercompany.com  IN  A      10.110.69.2


 Good luck!

Charles Wilt 
Software Engineer
CINTAS Corporation - IT 92B
513.701.1307

wiltc@xxxxxxxxxx


> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-
> bounces@xxxxxxxxxxxx] On Behalf Of johnking@xxxxxxx
> Sent: Thursday, April 10, 2008 5:36 PM
> To: Midrange Systems Technical Discussion
> Subject: RE: i5 DNS server - replacing PC host table entries
>
> Charles,
>
>  Turns out you remembered correctly! I just added a second primary zone
> called
> "ourheadqtrs.com" to the i5 server, added an A record, updated the server
> and
> flushed my DNS cache. The PC client can now resolve a URL pointing to the
> A
> record, but any other reference to "ourheadqtrs.com" returns a 404. I
> suppose
> this is what the DNS tutorials meant then they referred to
> "authoritative".
>
>  Unfortunately, some of the corporate apps do seem to use hardcoded domain
> names,
> which is why I hoped to be able to handle a list of specific A records,
> then use
> a wildcard or a default or something to tell DNS to go resolve the
> remainder in
> its normal fashion. I'm surprised that DNS lacks what seems to me like a
> very
> basic feature...
>
>  Ultimately, the solution is to get our division authorized to the
> corporate DNS
> server but any changes to the corporate security policies require lots of
> time,
> paperwork, signatures, hoop-jumping and bribes. Especially since our
> department
> is a relatively recent acquisition.
>
>  Thanks!, JK
>
>
> On Thu 08/04/10 15:02 , 'Wilt, Charles'  sent:
> > I'm a little rusty on DNS, but somebody correct me if I'm wrong....
> >
> > The problem I see is that Jon wants http://someapp.ourheadqtrs.com to be
> resolved by the
> > i5 DNS whileat the same time anything else to the ourheadqtrs.com would
> be resolved
> > normally by his ISPs DNSservers.
> >
> > If he adds an ourheadqtrs.com zone to his i5, won't his i5 resolve
> > everything for ourheadqtrs.com?
> > IIRC, there are two other options:
> > --Preload the URL's of the selected apps into your i5 DNS server cache.
> >
> > -- Create Alias records in your domain for the apps.  Thus, you're users
> > would be usinghttp://someapp.ourdivision.com to access the apps.
> > Hopefully, your corporate apps weren't writtenwith a hardcoded domain.
> Still,
> you might have issues if the apps cross
> > servers.
> > HTH,
> >
> > Charles Wilt
> > Software Engineer
> > CINTAS Corporation - IT 92B
> > 513.701.1307
> >
> > wiltc@Cintas
> > .com
> > > -----Original Message-----
> > > From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-> bounces@
> > midrange.com] On Behalf Of Chris Bipes> Sent: Thursday, April 10, 2008
> 4:45 PM
> > > To: Midrange Systems Technical Discussion
> > > Subject: RE: i5 DNS server - replacing PC host table
> > entries>
> > > We are running about 10 primary zones.  You can have
> > all the zones you> want, within reason.  Basically when your client
> > performs a DNS query,> your DNS server looks at the URL for the ZONE, if
> > found, the host.>
> > > www.domain.com would be
> > zone of domain.com and host of www.  If you> don't want anyone going to
> an
> external web site such as
> > microsoft.com,> you can add that zone to your DNS server.  With no
> > host, they will never> be able to reach microsoft.com, unless they
> change
> > their IP config to a> different DNS server.
> > > Chris Bipes
> > > Director of Information Services
> > > CrossCheck, Inc.
>
> ---- Msg sent via Internet America Webmail - www.internetamerica.com
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.



This e-mail transmission contains information that is intended to be confidential and privileged.  If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful.  Please reply to the message immediately by informing the sender that the message was misdirected.  After replying, please delete and otherwise erase it and any attachments from your computer system.  Your assistance in correcting this error is appreciated.