From: Alex Goncharov
To: freebsd-current@FreeBSD.ORG
Date: Mon, 01 Sep 2008 13:39:57 -0400
Subject: Re: named mystery -- error: dumping master file: ?master/tmp-wTjhUzoix6
In-reply-to: <200809011717.m81HHPLO005177@lurza.secnetix.de> (message from Oliver Fromme on Mon, 1 Sep 2008 19:17:25 +0200 (CEST))
List-Id: Discussions about the use of FreeBSD-current

,--- Oliver Fromme (Mon, 1 Sep 2008 19:17:25 +0200 (CEST)) ----*
| Forget the FAQ. You should read the ARM (Administrator
| Reference Manual), especially the section on dynamic
| updates.

Thanks -- I will most certainly do it!

| The static zones live in the "master" directory, and the
| dynamic ones live in the "dynamic" directory.
|
| Some people advise against serving both static (public) and dynamic
| (internal) master zones from the same server. That's precisely for
| the security reason you mentioned: If an external attacker could
| gain access to your named via an exploit, he could manipulate your
| dynamic zones (though not your static ones if permissions are
| configured correctly). Therefore it might be a good idea to serve
| static and dynamic zones from different named instances in separate
| jails that are bound to appropriate (public vs. internal) IP
| addresses.

In most environments I've been in, including my home environment, the
idea that static and DHCP addresses have to be in different zones,
and/or be served by various DNS servers, would not be met
enthusiastically and probably would not fly at all.

At home, I have some static addresses and the rest is DHCP-assigned --
all in one zone. Having two zones to accommodate a couple of static
addresses for the servers doesn't sound like a good idea to me.

Thank you for your excellent explanations -- I just learned something
valuable and now know what I have to read.

-- Alex -- alex-goncharov@comcast.net --
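
The master/dynamic split described in the quoted text can be checked mechanically. The following is an added example, not part of the original message or of BIND: it flags master zones that accept dynamic updates but are stored outside "dynamic/", and static zones stored outside "master/". Zone names, the key name and file names are constructed, and the named.conf parsing is deliberately simplified.

```python
import re

# Constructed named.conf fragment: zone names, key name and file names are made up.
SAMPLE_CONF = '''
zone "example.org" {
    type master;
    file "master/example.org.db";
};
zone "home.example" {
    type master;
    file "master/home.example.db";
    allow-update { key "dhcp-key"; };
};
zone "lan.example" {
    type master;
    file "dynamic/lan.example.db";
    update-policy { grant dhcp-key subdomain lan.example. ANY; };
};
zone "dmz.example" {
    type master;
    file "dynamic/dmz.example.db";
    allow-update { none; };
};
'''

# Simplification: every zone block ends with "};" at the start of a line and
# the file contains no comments. A full named.conf parser is out of scope here.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
UPDATE_RE = re.compile(r'\b(?:allow-update|update-policy)\s*\{([^}]*)\}')

def audit_zones(conf):
    """Return (zone, file, problem) for master zones stored in the wrong directory."""
    findings = []
    for name, body in ZONE_RE.findall(conf):
        path = re.search(r'\bfile\s+"([^"]+)"', body)
        if not re.search(r'\btype\s+master\s*;', body) or path is None:
            continue
        upd = UPDATE_RE.search(body)
        # "allow-update { none; };" disables updates, so the zone is static.
        dynamic = upd is not None and upd.group(1).strip() != "none;"
        if dynamic and not path.group(1).startswith("dynamic/"):
            findings.append((name, path.group(1), "dynamic zone outside dynamic/"))
        elif not dynamic and not path.group(1).startswith("master/"):
            findings.append((name, path.group(1), "static zone outside master/"))
    return findings

if __name__ == "__main__":
    for zone, path, problem in audit_zones(SAMPLE_CONF):
        print(f"{zone}: {path}: {problem}")
```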