named mystery -- error: dumping master file:
alex-goncharov at comcast.net
Mon Sep 1 17:40:00 UTC 2008
,--- Oliver Fromme (Mon, 1 Sep 2008 19:17:25 +0200 (CEST)) ----*
| Forget the FAQ. You should read the ARM (Administrator
| Reference Manual), especially the section on dynamic

Thanks -- I will most certainly do it!

| The static zones live in the "master" directory, and the
| dynamic ones live in the "dynamic" directory.
| Some people advise against serving both static (public) and dynamic
| (internal) master zones from the same server. That's precisely for
| the security reason you mentioned: If an external attacker could
| gain access to your named via an exploit, he could manipulate your
| dynamic zones (though not your static ones if permissions are
| configured correctly). Therefore it might be a good idea to serve
| static and dynamic zones from different named instances in separate
| jails that are bound to appropriate (public vs. internal) IP

In most environments I've been in, including my home environment, the
idea that static and DHCP addresses have to be in different zones,
and/or be served by various DNS servers, would not be met
enthusiastically and probably would not fly at all. At home, I have
some static addresses and the rest is DHCP-assigned -- all in one
zone. Having two zones to accommodate a couple of static addresses
for the servers doesn't sound like a good idea to me.

Thank you for your excellent explanations -- I just learned something
valuable and now know what I have to read.

-- Alex -- alex-goncharov at comcast.net --
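
Added example, not part of the original message: a Python check for the permission split described in the quoted text, where the account named runs as can write the "dynamic" directory but not the "master" directory or its zone files. The function names, the uid/gid parameters, the zone file name and the temporary-directory layout are assumptions made for illustration; only classic mode bits are evaluated, not ACLs.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """True if the mode bits in stat result `st` grant write access to uid/gids."""
    if st.st_uid == uid:                 # owner class takes precedence
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_zone_dirs(static_dir, dynamic_dir, uid, gids):
    """Return findings for the named service account (uid, gids)."""
    findings = []
    # Static zones: neither the directory nor any file in it may be writable
    # by the daemon, or a compromised named could rewrite or replace them.
    names = sorted(os.listdir(static_dir))
    for p in [static_dir] + [os.path.join(static_dir, n) for n in names]:
        if writable_by(os.stat(p), uid, gids):
            findings.append(f"static path writable by named: {p}")
    # Dynamic zones: the daemon has to be able to write updated zone data here.
    if not writable_by(os.stat(dynamic_dir), uid, gids):
        findings.append(f"dynamic dir not writable by named: {dynamic_dir}")
    return findings

def demo():
    """Constructed layout in a temp dir; 'named' is a hypothetical uid owning nothing."""
    named_uid, named_gids = os.getuid() + 1, set()
    with tempfile.TemporaryDirectory() as root:
        master = os.path.join(root, "master")
        dynamic = os.path.join(root, "dynamic")
        os.mkdir(master)
        os.mkdir(dynamic)
        zone = os.path.join(master, "example.org.db")   # constructed zone file
        open(zone, "w").close()
        os.chmod(master, 0o755)
        os.chmod(zone, 0o644)
        os.chmod(dynamic, 0o777)
        good = audit_zone_dirs(master, dynamic, named_uid, named_gids)
        # Break both sides of the split: static file writable, dynamic dir not.
        os.chmod(zone, 0o666)
        os.chmod(dynamic, 0o755)
        bad = audit_zone_dirs(master, dynamic, named_uid, named_gids)
    return good, bad

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the uid and group ids of the account named runs as, together with the actual zone directories.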