Opinions about zone configuration

Kevin Oberman oberman at es.net
Wed May 26 04:57:15 UTC 2010


> From: Gary Gladney <gladney at stsci.edu>
> Date: Tue, 25 May 2010 22:30:15 -0400 (EDT)
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
> 
> We have some people at my site who like a zone configured on our
> internal DNS server named xxxx.apple.com.  The zone information would
> not be replicated to our external server but I suggested this is not a
> good idea basically because the domain name of apple.com and if for
> some reason this zone information did replicate to our external server
> it would create some problems.  The reason for using this zone is they
> want to be able to update Macs but when they are connected to our
> site they would use xxxx.apple.com and when they are not connected
> they would use apple.com.  If anyone else has an opinion about this I
> would like to hear it.

First, it should not ever be seen externally unless you do something
really dumb. But I have done things that were really dumb and you
probably have, too.

So, it gets on the external server. Who, outside of your organization,
would be sending a query for some domain inside of apple.com to your
server? Let alone a single domain like xxxx? Seems like a pretty long
shot.

So, make a dumb mistake and have some system somewhere manage to have
your server listed as a forwarder. Yes, I suppose something could
actually cause a problem, but I think I'll put the concern just under
getting struck by a meteorite on the way to work tomorrow.

Now, Mark can explain what I overlooked and why this really IS a bad
idea. Or, maybe I got it right.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
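
A pre-deployment check for the leak discussed in this thread, as an added example that is not part of either poster's message: it lists the zones declared in an external server's named.conf and flags any that fall outside the namespaces the site owns. The site domain `example.org`, the function names and the sample configuration are assumptions constructed for illustration; the parsing is a simple text scan, not a full named.conf parser.

```python
import re

# Matches BIND zone statements such as: zone "example.org" IN {
ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"', re.MULTILINE)

# Constructed sample of an external server's named.conf (not from the thread).
EXTERNAL_CONF = '''
options { directory "/var/named"; };
zone "." { type hint; file "root.hints"; };
zone "example.org" { type master; file "example.org.db"; };
// zone "old.example.net" { type master; file "old.db"; };
zone "xxxx.apple.com" IN { type master; file "xxxx.apple.com.db"; };
zone "notexample.org" { type master; file "notexample.org.db"; };
'''

OWNED = ["example.org"]  # assumption: the namespaces this site controls


def strip_comments(conf: str) -> str:
    """Drop /* */, // and # comments so commented-out zones are ignored."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.DOTALL)
    return re.sub(r'(//|#).*', '', conf)


def is_under(zone: str, parent: str) -> bool:
    """True if zone equals parent or is a subdomain of it (label-aware)."""
    zone, parent = zone.lower().rstrip('.'), parent.lower().rstrip('.')
    return zone == parent or zone.endswith('.' + parent)


def foreign_zones(conf: str, owned: list[str]) -> list[str]:
    """Return declared zones that are not under any owned namespace."""
    zones = ZONE_RE.findall(strip_comments(conf))
    return [z for z in zones
            if z != '.'  # the root hint zone is expected on any server
            and not any(is_under(z, o) for o in owned)]


if __name__ == "__main__":
    for zone in foreign_zones(EXTERNAL_CONF, OWNED):
        print(f"zone outside owned namespace on external server: {zone}")
```

Reverse zones the site legitimately serves (for example under in-addr.arpa) would need to be added to the owned list, or they will be flagged as well.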


