Date: Mon, 01 Sep 2008 13:39:57 -0400
From: Alex Goncharov <alex-goncharov@comcast.net>
To: freebsd-current@FreeBSD.ORG
Subject: Re: named mystery -- error: dumping master file: ?master/tmp-wTjhUzoix6
Message-ID: <E1KaDNd-0005he-UV@daland.home>
In-Reply-To: <200809011717.m81HHPLO005177@lurza.secnetix.de> (message from Oliver Fromme on Mon, 1 Sep 2008 19:17:25 +0200 (CEST))
References: <200809011717.m81HHPLO005177@lurza.secnetix.de>

,--- Oliver Fromme (Mon, 1 Sep 2008 19:17:25 +0200 (CEST)) ----*
| Forget the FAQ.  You should read the ARM (Administrator
| Reference Manual), especially the section on dynamic
| updates.

Thanks -- I will most certainly do it!

| The static zones live in the "master" directory, and the
| dynamic ones live in the "dynamic" directory.
|
| Some people advise against serving both static (public) and dynamic
| (internal) master zones from the same server.  That's precisely for
| the security reason you mentioned:  If an external attacker could
| gain access to your named via an exploit, he could manipulate your
| dynamic zones (though not your static ones if permissions are
| configured correctly).  Therefore it might be a good idea to serve
| static and dynamic zones from different named instances in separate
| jails that are bound to appropriate (public vs. internal) IP
| addresses.

In most environments I've been in, including my home environment, the
idea that static and DHCP addresses have to be in different zones,
and/or be served by various DNS servers, would not be met
enthusiastically and probably would not fly at all.

At home, I have some static addresses and the rest is DHCP-assigned --
all in one zone.  Having two zones to accommodate a couple of static
addresses for the servers doesn't sound like a good idea to me.

Thank you for your excellent explanations -- I just learned something
valuable and now know what I have to read.

-- Alex -- alex-goncharov@comcast.net --
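
The following is an added example, not part of either poster's message: a Python check over a named.conf that flags zones stored in the wrong directory for the "master" / "dynamic" layout quoted above. It assumes "master" is not writable by named and "dynamic" is; the sample configuration, zone names and key name are constructed.

```python
import re

# Constructed sample named.conf (not taken from the thread).
SAMPLE_CONF = '''
options { directory "/etc/namedb"; };
zone "example.org" { type master; file "master/example.org.db"; };
zone "home.example" {
    type master;
    file "master/home.example.db";      // accepts updates, but lives in master/
    allow-update { key "dhcp-key"; };
};
zone "lan.example" {
    type master;
    file "dynamic/lan.example.db";
    update-policy { grant dhcp-key zonesub ANY; };
};
zone "static.example" { type master; file "dynamic/static.example.db"; allow-update { none; }; };
'''

def zone_blocks(conf):
    """Yield (zone name, statement body) pairs, matching nested braces."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r'(//|#)[^\n]*', '', conf)            # // and # comments
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def accepts_updates(body):
    """True if the zone has update-policy or an allow-update other than none."""
    acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
    if acl and acl.group(1).replace(';', '').strip() != 'none':
        return True
    return re.search(r'\bupdate-policy\b', body) is not None

def audit(conf, static_dir='master', dynamic_dir='dynamic'):
    """Return (zone, file, problem) for zones stored in the wrong directory."""
    findings = []
    for name, body in zone_blocks(conf):
        f = re.search(r'\bfile\s+"([^"]+)"', body)
        if not f:
            continue
        dirs = f.group(1).split('/')[:-1]
        if accepts_updates(body) and static_dir in dirs:
            findings.append((name, f.group(1), 'dynamic zone in static directory'))
        elif not accepts_updates(body) and dynamic_dir in dirs:
            findings.append((name, f.group(1), 'static zone in writable directory'))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=': ')
```

A dynamic zone under "master" means named has to write there, which conflicts with keeping the static directory read-only to the daemon; a static zone under "dynamic" loses the protection that the permissions were meant to give it.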