named mystery -- error: dumping master file:
??master/tmp-wTjhUzoix6
Alex Goncharov
alex-goncharov at comcast.net
Thu Sep 4 00:22:56 UTC 2008
,--- Oliver Fromme (Wed, 3 Sep 2008 15:50:31 +0200 (CEST)) ----*
| Of course you can have both dynamic and static entries within the
| same zone. But the question is: Is that zone only visible to your
| internal network, or is it public?
Internal.
| If it's only internal, then the BIND jail serving that zone should
| be bound to an internal IP address, so an attacker from outside
| cannot break into the BIND jail.
Of course: it is. Plus the firewall is there, the way is should.
| It is usually not a good idea to put dynamic entries of internal
| hosts into a zone that is served to the public internet.
I don't serve any zones to the public internet. If I were, there
would be no dynamic entries in it.
On the other hand, it's hard for me to imagine an internal zone, at
home or at work, that would not mix static and dynamic addresses these
days.
| So it is not only an issue of static vs. dynamic, but also
| internal vs. public.
Right.
P.S. What a delight not to see DNS warnings in my logs -- thanks to
all who replied to my request!
-- Alex -- alex-goncharov at comcast.net --
More information about the freebsd-current
mailing list