Troubleshooting
Problem
Error messages are generated when a command or program that uses TCP/IP services is run. These messages indicate a failure to open the UNIX file /etc/resolv.conf. The program may run to successful completion with no other indication of an error, or may experience resolver failures (DNS lookup errors). Similar problems may occur with other UNIX files used as inputs, such as /etc/hosts, /etc/ipnodes, /etc/protocol, or /etc/services,.
Symptom
The error messages are similar to the following:
IEC104I 00000006,jobname,step ,SYS00001-000,IGGS0OP1,0004,00000013,
/etc/resolv.conf
IEC141I 013-C0,IGG0199G,jobname,step,SYS00001
Cause
Part of the process of initializing TCP/IP services includes reading the configuration files that affect resolver processing. One of the files in this search order is /etc/resolv.conf. If the UNIX file protection bits do not allow this file to be opened by the user, the above error messages will be seen. Resolver processing treats the failure to open the file as a reason to continue down the search order. If a later file provides all of the information needed to allow successful completion of any name resolution calls, no error will be returned to the calling program.
These messages should have been accompanied with a security violation. Check the logs associated with the SAF product in use on your system (if using RACF, an ICH408I message would have been generated).
Resolving The Problem
Verify that the /etc/resolv.conf is an intended input for all users. If it is not, then use some other file in the search order that is unique to the desired processes and delete the /etc/resolv.conf file. See the Resolver configuration files section of the IP Configuration Guide for more information.
If you decide to use /etc/resolv.conf:
- Verify that the UNIX file protection bits on the /etc directory allow any user to perform a directory search (the execute bit).
- Verify that the UNIX file protection bits on the resolv.conf file allow any user to read the file.
The file protection bits can be listed by the UNIX ls -l command (sample output shown below with the referenced bits highlighted). These values can be changed using one of the following methods:
- The MM selection in the UNIX Directory List utility (option 3.17) when in ISPF (on z/OS 1.8 or above).
- The chmod command from the UNIX shell (logon to the UNIX telnet port, or the OMVS command from TSO).
- The A (attribute) selection from within the ISHELL dialog.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21223276