Alex Goncharov alex-goncharov at
Mon Sep 1 17:40:00 UTC 2008

,--- Oliver Fromme (Mon, 1 Sep 2008 19:17:25 +0200 (CEST)) ----*
| Forget the FAQ.  You should read the ARM (Administrator
| Reference Manual), especially the section on dynamic
| updates.

Thanks -- I will most certainly do it!

| The static zones live in the "master" directory, and the
| dynamic ones live in the "dynamic" directory.
| Some people advise against serving both static (public) and dynamic
| (internal) master zones from the same server.  That's precisely for
| the security reason you mentioned: If an external attacker could
| gain access to your named via an exploit, he could manipulate your
| dynamic zones (though not your static ones if permissions are
| configured correctly).  Therefore it might be a good idea to serve
| static and dynamic zones from different named instances in separate
| jails that are bound to appropriate (public vs. internal) IP
| addresses.

In most environments I've been in, including my home environment, the
idea that static and DHCP addresses have to be in different zones,
and/or be served by various DNS servers, would not be met
enthusiastically and probably would not fly at all.  At home, I have
some static addresses and the rest is DHCP-assigned -- all in one
zone.  Having two zones to accommodate a couple of static addresses
for the servers doesn't sound like a good idea to me.

Thank you for your excellent explanations -- I just learned something
valuable and now know what I have to read.

-- Alex -- alex-goncharov at --
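
The permission split described in the quoted text (static zones in "master" not modifiable by named, dynamic zones in "dynamic" writable by it) can be checked with a short script. This is an added example, not part of the original message; the function names and the numeric UID/GID arguments are assumptions, and named is assumed to run as an unprivileged user.

```shell
#!/bin/sh
# Added example (not from the original thread): check that the account named
# runs as cannot modify static zone data, while it can write to dynamic/.
# Assumed layout, as described in the message: <namedb>/master, <namedb>/dynamic.
# Assumes named runs unprivileged; ACLs and parent directories are not checked.

# named_can_write UID GID PATH [find-args...]
# Prints every entry at or below PATH that UID/GID (or anyone) may write to.
named_can_write() {
    uid=$1 gid=$2 path=$3
    shift 3
    find "$path" "$@" ! -type l \( \
        \( -uid "$uid" -perm -200 \) -o \
        \( -gid "$gid" -perm -020 \) -o \
        -perm -002 \) -print
}

# audit_namedb NAMEDB_DIR NAMED_UID NAMED_GID
# Returns 0 only if master/ is protected and dynamic/ is writable by named.
audit_namedb() {
    root=$1 nuid=$2 ngid=$3 rc=0
    # A writable directory counts too: named could replace a zone file in it.
    bad=$(named_can_write "$nuid" "$ngid" "$root/master")
    if [ -n "$bad" ]; then
        echo "FAIL: named can modify static zone data:"
        echo "$bad"
        rc=1
    fi
    # -prune: test only the directory itself; named creates journals here.
    if [ -z "$(named_can_write "$nuid" "$ngid" "$root/dynamic" -prune)" ]; then
        echo "FAIL: named cannot write to $root/dynamic"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh NAMEDB_DIR NAMED_UID NAMED_GID
if [ $# -eq 3 ]; then
    audit_namedb "$@"
fi
```
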

