This article discusses the steps for preventing users from accessing
the DNS server.
If you do not want anyone to use the DNS server on your system, do
the following:
- To prevent DNS server jobs from starting automatically when you
start TCP/IP, type the following: CHGDNSA AUTOSTART(*NO)
AUTOSTART(*NO) is the default value.
- To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for DNS,
do the following:
- Type GO CFGTCP to display the Configure
TCP/IP menu.
- Select option 4 (Work with TCP/IP port
restrictions).
- On the Work with TCP/IP Port Restrictions display,
specify option 1 (Add).
- For the lower port range, specify 53.
- For the upper port range, specify *ONLY.
Note: The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.
- For the protocol, specify *TCP.
- For the user profile field, specify a user profile name that
is protected on your system. (A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users.) By restricting the port to a specific user, you
automatically exclude all other users.
- Repeat steps 2c through 2g for the *UDP (user datagram)
protocol.