From: Oliver Fromme
To: freebsd-current@FreeBSD.ORG, Alex Goncharov
Date: Wed, 3 Sep 2008 15:50:31 +0200 (CEST)
Message-Id: <200809031350.m83DoVw6021573@lurza.secnetix.de>
Subject: Re: named mystery -- error: dumping master file: ??master/tmp-wTjhUzoix6

Alex Goncharov wrote:
 > In most environments I've been, including my home environment, the
 > idea that static and DHCP addresses have to be in different zones,
 > and/or be served by various DNS servers, would not be met
 > enthusiastically and probably would not fly at all. At home, I have
 > some static addresses and the rest is DHCP-assigned -- all in one
 > zone. Having two zones to accommodate a couple of static addresses
 > for the servers doesn't sound like a good idea to me.

Of course you can have both dynamic and static entries within
the same zone. But the question is: Is that zone only visible
to your internal network, or is it public? If it's only
internal, then the BIND jail serving that zone should be bound
to an internal IP address, so an attacker from outside cannot
break into the BIND jail.

It is usually not a good idea to put dynamic entries of
internal hosts into a zone that is served to the public
internet. So it is not only an issue of static vs. dynamic,
but also internal vs. public.

Ideally your internal and public DNS would run on different
machines, but that's probably overkill for a home network
(I assume you don't have a DMZ network at home).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"We will perhaps eventually be writing only small modules which are
identified by name as they are used to build larger ones, so that
devices like indentation, rather than delimiters, might become feasible
for expressing local structure in the source language."
        -- Donald E. Knuth, 1974
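
An added example, not part of the message above and not BIND's own tooling: a small Python check for the two points made in the reply, reporting every zone that accepts dynamic updates while named also listens on an address that is not provably internal. The sample configurations, zone names and key name are constructed, and the regex parsing is a simplification of named.conf syntax.

```python
import ipaddress
import re
# Constructed sample configs (not from the thread); names and addresses are illustrative.
INTERNAL_ONLY = """
options { listen-on { 127.0.0.1; 192.168.1.53; }; listen-on-v6 { none; }; };
zone "home.example" { type master; file "dynamic/home.example.db";
    allow-update { key dhcp-key; }; };
"""
EXPOSED = """
options { listen-on { any; }; };
zone "home.example" { type master; file "dynamic/home.example.db";
    allow-update { key dhcp-key; }; };
zone "example.org" { type master; file "master/example.org.db"; };
"""

def strip_comments(conf):
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", conf)

def listen_addresses(conf):
    """Return the elements of every listen-on / listen-on-v6 list."""
    addrs = []
    for body in re.findall(r"\blisten-on(?:-v6)?\b[^{;]*\{([^}]*)\}", conf):
        addrs += [a.strip() for a in body.split(";") if a.strip()]
    return addrs

def is_internal(addr):
    """True for 'none' and for literal private or loopback addresses only."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # "any", ACL names, prefixes: cannot prove internal
        return addr == "none"
    return ip.is_private or ip.is_loopback

def dynamic_zones(conf):
    """Names of zones that accept dynamic updates."""
    zones = []
    for chunk in re.split(r'\bzone\s+"', conf)[1:]:
        name, _, body = chunk.partition('"')
        m = re.search(r"\b(allow-update|update-policy)\s*\{([^}]*)\}", body)
        if m and m.group(2).strip() not in ("", "none;"):
            zones.append(name)
    return zones

def audit(conf):
    conf = strip_comments(conf)
    # With no listen-on statement, named listens on all IPv4 interfaces.
    addrs = listen_addresses(conf) or ["any"]
    exposed = [a for a in addrs if not is_internal(a)]
    return [f"dynamic zone {z} is served on non-internal listener {a}"
            for z in dynamic_zones(conf) for a in exposed]
```

An empty result only means the listeners are literal private or loopback addresses; firewall rules and `allow-query` restrictions are outside what this check sees.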