IBM Support

The ISAM appliance host name mapping to an IP address

Question & Answer


Question

How is the IBM Security Access Manager ( ISAM ) appliance host name mapped to an IP address and how is the configured host name resolved?

Cause

DNS resolution of appliance name is not intuitive. It can change with the addition/removal of a management ip address. It can produce a different result to the resolution on other appliances using the same DNS server.

Answer

The host name of the ISAM appliance can be defined with two different ways:

1) During the initial configuration of the appliance:

...
Host Name Configuration
Host name: unconfigured.appliance
1: Change the host name
x: Exit
p: Previous screen
n: Next screen

Select option: 1

Change the Host Name
Enter the new host name: isam9030
...

2) After the appliance initial configuration via the Local Management Interface ( LMI ) with the General Networking page under the Networking Configuration ( https://<isam appliance LMI hostname>/isam/net#general )




When the ISAM appliance contains one network interface with one management IP then the host name, defined during the initial configuration, gets mapped to that one management IP. The host name mapping to an IP is implemented in the /etc/hosts file of the appliance by adding an entry for the host name at the end of the file. When resolving a host name, /etc/hosts is always checked first. If there is no entry for the host name in /etc/hosts then
the dns server(s) is queried. So the entry in /etc/hosts takes precedence over the dns server entry. Neither the mapping nor the ordering is exposed in the LMI interface.



In the following setup the primary interface is 1.1 ( eth0 ) and it has one management IP address assigned.




In the DNS server following is configured:
192.168.10.190 isam9030.ibm.net

Example of the host name resolution on the appliance itself:

isam9030:tools> nslookup isam9030.ibm.net
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      isam9030.ibm.net
Address 1: 192.168.10.190 isam9030

isam9030:tools> nslookup 192.168.10.190
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      192.168.10.190
Address 1: 192.168.10.190 isam9030


Host name resolution on the other server/appliance:

isam9040:tools> nslookup isam9030.ibm.net
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      isam9030.ibm.net
Address 1: 192.168.10.190 isam9030.ibm.net

isam9040:tools> nslookup 192.168.10.190
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      192.168.10.190
Address 1: 192.168.10.190 isam9030.ibm.net

In the above example the same host name resolution gets different result depending on which server resolution is done.




Workaround

The obvious fix would be to change the host name of the appliance to match what is in the DNS record. However that is not always an option or required configuration.

One solution is to add a host entry for the appliance name to match DNS record.
Due to the way /etc/hosts is searched any host entries will take precedence over the entry automatically added at the end of the file.


Add host name mapping into the /etc/hosts file




Host name resolution on the appliance itself:

isam9030:tools> nslookup isam9030.ibm.net
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      isam9030.ibm.net
Address 1: 192.168.10.190 isam9030.ibm.net

isam9030:tools> nslookup 192.168.10.190
Server:    192.168.10.5
Address 1: 192.168.10.5

Name:      192.168.10.190
Address 1: 192.168.10.190 isam9030.ibm.net

Now the host name resolution matches the DNS record.

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF004","label":"Appliance"}],"Version":"8.0;9.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Historical Number

PMR

Product Synonym

TAM;ITAM

Document Information

Modified date:
21 June 2018

UID

swg22017418

Page Feedback