DDNS and Hidden Master == Brain-Damaged
phil at ipom.com
Thu Jan 27 07:41:00 UTC 2005
John Hascall wrote:
>>>>>And how do I make ISC DHCP do that?
>>>>use a non-trash MNAME in the dns view seen by your dhcp server and
>>>It is "non-trash" by any sane definition.
>>then make it non-trash by some insane definition. for example, make it
>>match one of the NS.NSDNAME's, according to the "dns view" seen by your
>>dhcp population. if you want your master hidden, then make sure that the
>>non-dhcp-population sees some other SOA and NS for that zone. no problem.
> I would have to agree that a hidden master that is seen
> by all your dhcp clients is an insane definition of hidden.
> I think a far better solution for me is to lobotomize
> that section of code in dhcpd.
As someone about to hide our hidden master, it sounds like the best
solution will be to make the SOA record *not* the hidden master, but
instead a public DNS server, and then it's by all means... hidden.
Does that break anything else?
Of course, we don't use DDNS, so I just chuck all update logs and don't
worry about it, but...
Phil Dibowitz phil at ipom.com
Freeware and Technical Pages Insanity Palace of Metallica
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
- Benjamin Franklin, 1759
-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the bind-users