,--- Oliver Fromme (Mon, 1 Sep 2008 19:17:25 +0200 (CEST)) ----* | Forget the FAQ. You should read the ARM (Administrator | Reference Manual), especially the section on dynamic | updates. Thanks -- I will most certainly do it! | The static zones live in the "master" directory, and the | dynamic ones live in the "dynamic" directory. | | Some people advise against serving both static (public) and dynamic | (internal) master zones from the same server. That's precisely for | the security reason you mentioned: If an external attacker could | gain access to your named via an exploit, he could manipulate your | dynamic zones (though not your static ones if permissions are | configured correctly). Therefore it might be a good idea to serve | static and dynamic zones from different named instances in separate | jails that are bound to appropriate (public vs. internal) IP | addresses. In most environments I've been, including my home environment, the idea that static and DHCP addresses have to be in different zones, and/or be served by various DNS servers, would not be met enthusiastically and probably would not fly at all. At home, I have some static addresses and the rest is DHCP-assigned -- all in one zone. Having two zones to accommodate a couple of static addresses for the servers doesn't sound like a good idea to me. Thank you for your excellent explanations -- I just learned something valuable and now know what I have to read. -- Alex -- alex-goncharov_at_comcast.net --Received on Mon Sep 01 2008 - 15:40:00 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:34 UTC