Overriding the TCP/IP DNS resolver table

IBM Security Guardium S-TAP for IMS uses TCP/IP as a host path for intra- and inter-address space communication of information such as collection policy details and address space status updates. To receive information from an AUIUSTC (Common Storage Management Utility) address space running on a different LPAR in the sysplex, the AUIASTC (agent) address space must determine its own physical IP address and make it known to AUIUSTC.

To determine its physical IP address, the IBM Security Guardium S-TAP for IMS agent calls the z/OS getaddrinfo function and passes it the LPAR name specified in the CVTSNAME field of the z/OS CVT control block. The getaddrinfo function uses the DNS resolver table to map the agent's LPAR name to its physical IP address. The DNS resolver table should contain entries that associate each LPAR within the sysplex to its physical IP address. If no association is found, the agent (AUIASTC) uses the z/OS gethostname and getaddrinfo services to obtain the physical IP address of its own LPAR, but the IP addresses of other LPARs in the sysplex cannot be determined. In that case, inter-address space communication is not possible and events that occur on other LPARs are not reported to the Guardium appliance. Similarly, inter-address space communications can fail if users of Dynamic Virtual IP Addressing (VIPA) attempt to associate multiple IP addresses to a single VIPA token.

To determine if the LPAR name, in the CVTSNAME field, is included in the DNS table:
  1. Run the REXX exec in member AUIPING of the SAUISAMP data set.
  2. If the ping is successful, the LPAR name is defined in the DNS table and no further action is required.
  3. If the ping fails due to an unknown host error, the LPAR name was not found in the DNS table. Contact your network administrator to request the addition of the LPAR name and the associated IP address to the DNS table.
Network administrators can manually associate the LPAR name that is found in the z/OS CVTSNAME field with the name that is used in the DNS resolver table by including the AUIHOST DD statement file in all IMS S-TAP agent task address space JCLs.
Required if AUIHOST DD is specified.
Default: None.
Description: Translates the CVTSNAME to the name in the DNS table.
lpar_name: Found in the z/OS CVTSNAME field. Use the AUIPING REXX exec found in the SAUISAMP data set to obtain that name. The lpar_name value can be from 1 to 8 bytes in length.
DNS_NAME: Found in the DNS table that associates the LPAR with an IP address. The DNS_NAME value must conform to the following z/OS TCP/IP HOSTNAME rules:
  • Must contain 1 or more tokens separated by a period.
  • Each token must be at least 1 character and less than 64 characters.
  • Each token must start with a letter or number.
  • Remaining characters in each token must be a letter, number, or hyphen.
Example: PRODA(SYSTEM_1)
  • PRODA is the LPAR name found in the CVTSNAME field of your z/OS system
  • SYSTEM_1 is the mnemonic used in your DNS table to relate this LPAR to a TCP/IP address.
The AUIHOST DD statement file must meet the following standards:
  • It must be a sequential file, or a member of a Partitioned Data Set (PDS) or Extended Partitioned Data Set (PDSE).
  • It must be defined with a Fixed Blocked (FB) Record Format (RECFM).
  • It must have a Logical Record Length (LRECL) of 80 bytes.
  • Commented lines can be indicated by an asterisk (*) in column one or by a slash-asterisk (/*) in columns one and two.
  • It must contain all host definitions on one line.
  • Up to 16 DNS names can be specified.
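Because a bad mapping means events on other LPARs never reach the Guardium appliance, it is worth linting a candidate AUIHOST file before it is placed in the agent JCL. The following Python check is an added example, not IBM code: it applies the lpar_name, DNS_NAME and file rules exactly as listed above (so a name containing an underscore is reported), and since the page does not state how definitions are separated on the line, it simply extracts every `name(value)` pair; the sample names are constructed.

```python
import re

# Assumption: the page names no separator, so every token(value) pair is extracted.
ENTRY = re.compile(r"([^\s(),]+)\(([^()\s]*)\)")
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*\Z")

def check_dns_name(name):
    """Apply the four HOSTNAME rules listed above; return a list of problems."""
    problems = []
    for token in name.split("."):
        if not 1 <= len(token) < 64:
            problems.append(f"token {token!r}: length must be 1-63")
        elif not TOKEN.match(token):
            problems.append(f"token {token!r}: letters, digits, hyphen only; "
                            "must start with a letter or digit")
    return problems

def lint_auihost(text):
    """Return (line_number, message) findings for a candidate AUIHOST file."""
    findings, definition_lines, total = [], [], 0
    for n, record in enumerate(text.splitlines(), start=1):
        if len(record) > 80:
            findings.append((n, "record exceeds LRECL 80"))
        if record.startswith(("*", "/*")) or not record.strip():
            continue  # comment (column 1 or columns 1-2) or blank record
        entries = ENTRY.findall(record)
        if not entries:
            findings.append((n, "no lpar_name(DNS_NAME) definition found"))
            continue
        definition_lines.append(n)
        for lpar, dns in entries:
            total += 1
            if not 1 <= len(lpar) <= 8:
                findings.append((n, f"lpar_name {lpar!r}: must be 1-8 bytes"))
            findings += [(n, f"{lpar}({dns}): {p}") for p in check_dns_name(dns)]
    if len(definition_lines) > 1:
        findings.append((definition_lines[1], "host definitions span more than one line"))
    if total > 16:
        findings.append((definition_lines[0], f"{total} DNS names specified; limit is 16"))
    return findings

# Constructed sample input; the names are invented for illustration.
SAMPLE = """\
* LPAR-to-DNS overrides for the S-TAP agents
PRODA(proda.example.com) PRODB(prodb-01.example.com) TESTLPAR1(SYSTEM_1)
"""
if __name__ == "__main__":
    for line_no, message in lint_auihost(SAMPLE):
        print(f"line {line_no}: {message}")
```

The linter only checks syntax; whether each DNS name actually resolves still has to be confirmed on the LPAR with AUIPING.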
The following is an example of an AUIHOST DD statement file: