Date:      Wed, 3 Sep 2008 15:50:31 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-current@FreeBSD.ORG, Alex Goncharov <alex-goncharov@comcast.net>
Subject:   Re: named mystery -- error: dumping master file: ??master/tmp-wTjhUzoix6
Message-ID:  <200809031350.m83DoVw6021573@lurza.secnetix.de>
In-Reply-To: <E1KaDNd-0005he-UV@daland.home>

Alex Goncharov wrote:
 > In most environments I've been, including my home environment, the
 > idea that static and DHCP addresses have to be in different zones,
 > and/or be served by various DNS servers, would not be met
 > enthusiastically and probably would not fly at all.  At home, I have
 > some static addresses and the rest is DHCP-assigned -- all in one
 > zone.  Having two zones to accommodate a couple of static addresses
 > for the servers doesn't sound like a good idea to me.

Of course you can have both dynamic and static entries
within the same zone.  But the question is:  Is that zone
only visible to your internal network, or is it public?

If it's only internal, then the BIND jail serving that
zone should be bound to an internal IP address, so an
attacker from outside cannot break into the BIND jail.

It is usually not a good idea to put dynamic entries of
internal hosts into a zone that is served to the public
internet.

So it is not only an issue of static vs. dynamic, but also
internal vs. public.

Ideally your internal and public DNS would run on different
machines, but that's probably overkill for a home network
(I assume you don't have a DMZ network at home).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"We will perhaps eventually be writing only small modules which are identi-
fied by name as they are used to build larger ones, so that devices like
indentation, rather than delimiters, might become feasible for expressing
local structure in the source language." -- Donald E. Knuth, 1974
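
An added example, not part of the message above or of the thread: a named.conf fragment for the internal-only case the reply describes, where one zone mixes static and dynamic entries and the jailed named answers only on an internal address. The address 192.168.1.53, the network 192.168.1.0/24, the zone name home.example, the key name dhcp-update and the zone file path are assumptions; the secret is a placeholder.

```conf
// Assumed values throughout: adjust addresses, names and paths to the site.

// TSIG key shared with the DHCP server so that only it can send
// dynamic updates. Placeholder secret: generate a real one.
key "dhcp-update" {
        algorithm hmac-sha256;
        secret "REPLACE_WITH_GENERATED_SECRET";
};

options {
        directory "/etc/namedb";

        // Bind to the internal (jail) address only. "listen-on { any; };"
        // would make the server reachable on every address of the host.
        listen-on    { 192.168.1.53; };
        listen-on-v6 { none; };

        // Answer and recurse for the internal network only.
        allow-query     { 192.168.1.0/24; localhost; };
        allow-recursion { 192.168.1.0/24; localhost; };
        allow-transfer  { none; };
};

// One internal zone holding both the static server records and the
// DHCP-registered hosts. It is never served on a public address.
zone "home.example" {
        type master;
        // named rewrites this file and keeps a journal beside it, so the
        // directory must be writable by the user named runs as.
        file "dynamic/home.example.db";
        // Updates are accepted only when signed with the key above.
        allow-update { key "dhcp-update"; };
};
```

`named-checkconf` run against the finished file catches syntax errors before named is restarted.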
