ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpstopdns.htm

69 lines
4.4 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Prevent DNS access" />
<meta name="abstract" content="This article discusses the steps for preventing users from accessing the DNS server." />
<meta name="description" content="This article discusses the steps for preventing users from accessing the DNS server." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpdns.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpstopdns" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prevent DNS access</title>
</head>
<body id="tcpstopdns"><a name="tcpstopdns"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prevent DNS access</h1>
<div><p>This article discusses the steps for preventing users from accessing
the DNS server.</p>
<div class="section">If you do not want anyone to use the DNS server on your system, do
the following:</div>
<ol><li class="stepexpand"><span>To prevent DNS server jobs from starting automatically when you
start TCP/IP, type the following: <kbd class="userinput">CHGDNSA AUTOSTART(*NO)</kbd></span> <p>AUTOSTART(*NO) is the default value.</p>
</li>
<li class="stepexpand"><span>To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for DNS,
do the following:</span><ol type="a"><li class="substepexpand"><span>Type <kbd class="userinput">GO CFGTCP</kbd> to display the <span class="uicontrol">Configure
TCP/IP</span> menu.</span></li>
<li class="substepexpand"><span>Select option <span class="uicontrol">4</span> (Work with TCP/IP port
restrictions).</span></li>
<li class="substepexpand" id="tcpstopdns__step2c"><a name="tcpstopdns__step2c"><!-- --></a><span>On the Work with TCP/IP Port Restrictions display,
specify option <span class="uicontrol">1</span> (Add).</span></li>
<li class="substepexpand"><span>For the lower port range, specify <kbd class="userinput">53</kbd>.</span></li>
<li class="substepexpand"><span>For the upper port range, specify <kbd class="userinput">*ONLY</kbd>.</span> <div class="note"><span class="notetitle">Note:</span> The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.</div>
</li>
<li class="substepexpand"><span>For the protocol, specify <kbd class="userinput">*TCP</kbd>.</span></li>
<li class="substepexpand"><span>For the user profile field, specify a user profile name that
is protected on your system. (A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users.) By restricting the port to a specific user, you
automatically exclude all other users.</span></li>
<li class="substepexpand"><span>Repeat steps 2c through 2g for the *UDP (user datagram)
protocol.</span></li>
</ol>
</li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpdns.htm" title="These articles discuss methods for securing the DNS server for authorized users and preventing access to the DNS server.">Security considerations for using DNS server</a></div>
</div>
</div>
</body>
</html>