Opinions about zone configuration

Barry Margolin barmar at alum.mit.edu
Wed May 26 06:49:47 UTC 2010


In article <mailman.1605.1274841042.21153.bind-users at lists.isc.org>,
 Gary Gladney <gladney at stsci.edu> wrote:

> We have some people at my site who like a zone configured on our internal DNS 
> server named xxxx.apple.com.  The zone information would not be replicated to 
> our external server but I suggested this is not a good idea basically because 
> the domain name of apple.com and if for some reason this zone information did 
> replicate to our external server it would create some problems.  The reason 
> for using this zone is they want to be able to update Macs but when they are 
> connected to our site they would use xxxx.apple.com and when they are not 
> connected they would use apple.com.  If anyone else has an opinion about this 
> I would like to hear it.

Are you trying to run your own Software Update server?  You can 
configure SU to go to a different server than the normal 
swupdate.apple.com.  At my company, the Macs go to macupdate.<ourdomain>.

But if you do what you said, I agree with the other response that 
there's little danger.  First of all, how would the domain get 
replicated "for some reason"?  Someone would have to explicitly add the 
slave zone to the external server; how would that happen accidentally 
(unless you have a script that automatically converts the internal 
master's named.conf into a version for the external slave)?  And second, 
there are no NS records delegating xxxx.apple.com to your server, so no 
one will ever know it's there.

It's like worrying about labeling your home phone with someone else's 
number.  That won't cause you to start getting their phone calls.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
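
Added example, not part of the original post: a guard for the one accidental path the reply mentions, a script that converts the internal master's named.conf into an external slave config. It emits slave stanzas only for zones under domains the site owns and withholds everything else; the sample config, example.org, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample of an internal master's named.conf (hypothetical zones).
INTERNAL_CONF = '''
options { directory "/var/named"; };
zone "example.org" { type master; file "db.example.org"; };
zone "lab.example.org" IN { allow-transfer { 192.0.2.53; }; type master; file "db.lab"; };
zone "xxxx.apple.com" { type master; file "db.override"; };  // internal-only override
zone "10.in-addr.arpa" { type master; file "db.10"; };
zone "." { type hint; file "named.ca"; };
'''

def zone_blocks(conf_text):
    """Yield (zone_name, body) for each zone statement, honouring nested braces."""
    # Simplified comment stripping; assumes no '#' or '//' inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', conf_text, flags=re.S)
    text = re.sub(r'(//|#).*', '', text)
    for m in re.finditer(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{', text, re.I):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1).lower().rstrip('.'), text[m.end():i - 1]

def is_owned(zone, owned):
    """True only for an owned domain or a subdomain of one (label-aligned match)."""
    return any(zone == d or zone.endswith('.' + d) for d in owned)

def plan_external(conf_text, owned, master_ip):
    """Split master zones into slave stanzas to emit and zone names to withhold."""
    emit, withheld = [], []
    for name, body in zone_blocks(conf_text):
        if not re.search(r'\btype\s+(master|primary)\s*;', body, re.I):
            continue  # hint, forward, slave zones are not replicated
        if is_owned(name, owned):
            emit.append('zone "%s" { type slave; masters { %s; }; file "slaves/%s"; };'
                        % (name, master_ip, name))
        else:
            withheld.append(name)
    return emit, withheld

if __name__ == "__main__":
    stanzas, skipped = plan_external(INTERNAL_CONF, {"example.org"}, "192.0.2.1")
    print("\n".join(stanzas))
    for z in skipped:
        print("# withheld from external config: %s" % z)
```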


