From: Alex Goncharov
To: freebsd-current@FreeBSD.ORG
Date: Wed, 03 Sep 2008 20:22:53 -0400
Subject: Re: named mystery -- error: dumping master file: ??master/tmp-wTjhUzoix6
In-reply-to: <200809031350.m83DoVw6021573@lurza.secnetix.de> (message from Oliver Fromme on Wed, 3 Sep 2008 15:50:31 +0200 (CEST))

,--- Oliver Fromme (Wed, 3 Sep 2008 15:50:31 +0200 (CEST)) ----*
| Of course you can have both dynamic and static entries within the
| same zone. But the question is: Is that zone only visible to your
| internal network, or is it public?

Internal.

| If it's only internal, then the BIND jail serving that zone should
| be bound to an internal IP address, so an attacker from outside
| cannot break into the BIND jail.

Of course: it is. Plus the firewall is there, the way it should.

| It is usually not a good idea to put dynamic entries of internal
| hosts into a zone that is served to the public internet.

I don't serve any zones to the public internet. If I were, there
would be no dynamic entries in it.

On the other hand, it's hard for me to imagine an internal zone, at
home or at work, that would not mix static and dynamic addresses these
days.

| So it is not only an issue of static vs. dynamic, but also
| internal vs. public.

Right.

P.S. What a delight not to see DNS warnings in my logs -- thanks to
all who replied to my request!

-- Alex -- alex-goncharov@comcast.net --