Date: Wed, 03 Sep 2008 20:22:53 -0400 From: Alex Goncharov <alex-goncharov@comcast.net> To: freebsd-current@FreeBSD.ORG Subject: Re: named mystery -- error: dumping master file: ??master/tmp-wTjhUzoix6 Message-ID: <E1Kb2cf-0000oX-Mu@daland.home> In-Reply-To: <200809031350.m83DoVw6021573@lurza.secnetix.de> (message from Oliver Fromme on Wed, 3 Sep 2008 15:50:31 %2B0200 (CEST)) References: <200809031350.m83DoVw6021573@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
,--- Oliver Fromme (Wed, 3 Sep 2008 15:50:31 +0200 (CEST)) ----*
| Of course you can have both dynamic and static entries within the
| same zone. But the question is: Is that zone only visible to your
| internal network, or is it public?
Internal.
| If it's only internal, then the BIND jail serving that zone should
| be bound to an internal IP address, so an attacker from outside
| cannot break into the BIND jail.
Of course: it is. Plus the firewall is there, the way is should.
| It is usually not a good idea to put dynamic entries of internal
| hosts into a zone that is served to the public internet.
I don't serve any zones to the public internet. If I were, there
would be no dynamic entries in it.
On the other hand, it's hard for me to imagine an internal zone, at
home or at work, that would not mix static and dynamic addresses these
days.
| So it is not only an issue of static vs. dynamic, but also
| internal vs. public.
Right.
P.S. What a delight not to see DNS warnings in my logs -- thanks to
all who replied to my request!
-- Alex -- alex-goncharov@comcast.net --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Kb2cf-0000oX-Mu>