DDNS and Hidden Master == Brain-Damaged
Phil Dibowitz
phil at ipom.com
Thu Jan 27 07:41:00 UTC 2005
John Hascall wrote:
>>>>>And how do I make ISC DHCP do that?
>>>>
>>>>use a non-trash MNAME in the dns view seen by your dhcp server and
>>>>clients.
>>>
>>>It is "non-trash" by any sane definition.
>
>
>>then make it non-trash by some insane definition. for example, make it
>>match one of the NS.NSDNAME's, according to the "dns view" seen by your
>>dhcp population. if you want your master hidden, then make sure that the
>>non-dhcp-population sees some other SOA and NS for that zone. no problem.
>
>
> I would have to agree that a hidden master that is seen
> by all your dhcp clients is an insane definition of hidden.
>
> I think a far better solution for me is to lobotomize
> that section of code in dhcpd.
As someone about to hide our hidden master, it sounds like the best
solution will be to make the SOA record *not* the hidden master, but
instead a public DNS server, and then it's by all means... hidden.
Does that break anything else?
Of course, we don't use DDNS, so I just chuck all update logs and don't
worry about it, but...
--
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB+JtCN5XoxaHnMrsRAhvwAKCbYicpHYkavZx5MhNQqu7ELJspGgCfb7dc
fvNw9HqmNjRNd3hCc11bZE0=
=iAYD
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list