,--- Oliver Fromme (Wed, 3 Sep 2008 15:50:31 +0200 (CEST)) ----* | Of course you can have both dynamic and static entries within the | same zone. But the question is: Is that zone only visible to your | internal network, or is it public? Internal. | If it's only internal, then the BIND jail serving that zone should | be bound to an internal IP address, so an attacker from outside | cannot break into the BIND jail. Of course: it is. Plus the firewall is there, the way is should. | It is usually not a good idea to put dynamic entries of internal | hosts into a zone that is served to the public internet. I don't serve any zones to the public internet. If I were, there would be no dynamic entries in it. On the other hand, it's hard for me to imagine an internal zone, at home or at work, that would not mix static and dynamic addresses these days. | So it is not only an issue of static vs. dynamic, but also | internal vs. public. Right. P.S. What a delight not to see DNS warnings in my logs -- thanks to all who replied to my request! -- Alex -- alex-goncharov_at_comcast.net --Received on Wed Sep 03 2008 - 22:22:56 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:34 UTC