Z/VM DNS (DOMAIN NAME SYSTEM) SUPPORT AND CONFIGURATION STATEMENT
APAR Identifier ...... II14444 Last Changed ........ 08/10/16 Z/VM DNS (DOMAIN NAME SYSTEM) SUPPORT AND CONFIGURATION STATEMENT Symptom ...... DD DOC Status ........... INTRAN Severity ................... 4 Date Closed ......... Component .......... INFOPALIB Duplicate of ........ Reported Release ......... 001 Fixed Release ............ Component Name PA LIB INFO ITE Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: Not Available PE PTF List: PTF List: Parent APAR: Child APAR list: ERROR DESCRIPTION: IBM strongly recommends that the z/VM DNS server not be configured in an internet-facing configuration. That is, do not directly connect the z/VM DNS server to an external network such as the public internet. The following documentation presents the supporting data for this recommendation. . The z/VM DNS server is not a BIND (Berkeley Internet Name Domain) implementation and only supports the basic DNS RFC's 1034 and 1035. Based on the current usage and the commodity nature of DNS servers, the z/VM DNS server is non-strategic and IBM has no plans to provide BIND v9 and/or IPv6 support for this server. . IBM recommends that all deployments of the z/VM DNS server be caching-only mode, positioned behind a firewall within a trusted network pointing to a full-function, current DNS server that implements accepted security methods. This configuration is less likely to create an exposure that a configuration to an external network would, while providing efficient caching of name resolution for the z/VM TCP/IP server suite. . Future configuration planning should account for the eventual removal of the native DNS server from the z/VM TCP/IP product. LOCAL FIX: