Re: named mystery -- error: dumping master file: ??master/tmp-wTjhUzoix6



Alex Goncharov wrote:
> In most environments I've been in, including my home environment, the
> idea that static and DHCP addresses have to be in different zones,
> and/or be served by various DNS servers, would not be met
> enthusiastically and probably would not fly at all. At home, I have
> some static addresses and the rest is DHCP-assigned -- all in one
> zone. Having two zones to accommodate a couple of static addresses
> for the servers doesn't sound like a good idea to me.

Of course you can have both dynamic and static entries
within the same zone. But the question is: Is that zone
only visible to your internal network, or is it public?

If it's only internal, then the BIND jail serving that
zone should be bound to an internal IP address, so an
attacker from outside cannot break into the BIND jail.

It is usually not a good idea to put dynamic entries of
internal hosts into a zone that is served to the public
internet.

So it is not only an issue of static vs. dynamic, but also
internal vs. public.

Ideally your internal and public DNS would run on different
machines, but that's probably overkill for a home network
(I assume you don't have a DMZ network at home).

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
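Added example, not part of the original message: a small audit for the point above about internal hosts ending up in a zone that is served to the public internet. It scans zone-file text for A/AAAA records that point into internal address space. The sample zone, the host names and the choice of RFC 1918 plus fc00::/7 as "internal" are assumptions, and the parser expects one record per line.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 IPv4 space and IPv6 unique-local space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample (not from the thread): static servers and
# DHCP-registered internal hosts mixed in one zone.
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 3600
@        IN SOA ns1.example.org. admin.example.org. 1 3600 900 604800 300
@        IN NS  ns1.example.org.
ns1      IN A   203.0.113.10
www      IN A   203.0.113.20   ; public web server
laptop   300 IN A 192.168.1.57
printer  300 IN A 10.0.0.12
nas      IN AAAA fd00:1234::5
mail     IN AAAA 2001:db8::25
"""

def internal_records(zone_text):
    """Return (owner, address) for A/AAAA records inside INTERNAL_NETS."""
    findings, owner = [], "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or directive
        fields = line.split()
        if not raw[0].isspace():                  # new owner name on this line
            owner, fields = fields[0], fields[1:]
        for i, tok in enumerate(fields[:-1]):     # skip optional TTL / class
            if tok.upper() in ("A", "AAAA"):
                try:
                    addr = ipaddress.ip_address(fields[i + 1])
                except ValueError:
                    break                         # malformed rdata, ignore
                if any(addr in net for net in INTERNAL_NETS):
                    findings.append((owner, str(addr)))
                break
    return findings

if __name__ == "__main__":
    for name, addr in internal_records(SAMPLE_ZONE):
        print(f"internal address in zone: {name} -> {addr}")
```

Run it against the zone data a publicly reachable name server would hand out; any finding is an internal host whose name and address would be visible from outside.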