Thanks James and Gerald,
Ever vigilant you are correct, DB2 does a GetHostByAddr not
From the DB2 V7 Installation Manual
"DB2 Issues a gethostbyaddr using the local IP address obtained
gethostid to obtain the fully qualified domain name. "
Now the question stands:
Is the GetHostByAddr a genuine security problem on OS/390 ?
Gerald, I will try and find the author of the report and ask them
substantiate their statement. As to how experienced the actual
the suggestion was, I do not like my chances of finding out, but
the man is always an option.
From: DB2 Data Base Discussion List
[mailto:[login to unmask email]On
Behalf Of James Campbell
Sent: Tuesday, 13 August 2002 10:48 PM
To: [login to unmask email]
Subject: Re: DB2 GetHostByName
Not that I know the answer to your question, but isn't a reverse
lookup gethostbyaddr? gethostbyname being a forward lookup.
On 13 Aug 2002 at 19:58, Peter Schwarcz wrote:
> When DDF starts, DB2 appears to do a reverse DNS lookup, that
> After an external security audit my customer was advised to
> DNS lookup OFF. Naturally, the next time DDF was started it
failed so we
> turned the reverse lookup back on.
> Has anyone had to deal with this issue ?
> Is the GetHostByName a genuine security problem on OS/390
> Is there a work around that will allow DB2 and DDF to resolve
> without a reverse lookup ?
> Thanks in advance
> Peter Schwarcz