Opinions about zone configuration

Gary Gladney gladney at stsci.edu
Wed May 26 12:14:44 UTC 2010

That makes sense to me, but the sysadmins want the user to be able to automatically get updates from apple.com when they are off-site.  I'm not sure how this is accomplished if the Macs are set up to get updates from xxxx.apple.com, which is only defined at my site, but I'm not a Mac person.  I know this is beyond the scope of this list, but do you know of a way to tell the auto-updater on Mac to use a list?  I suspect what they are counting on is setting up the auto-updater to use xxxx.apple.com, and when it resolves locally it will get the update from our update server, and if not then the resolver will drop the hostname and try to resolve apple.com, and it should connect with the apple.com update service.


Gary Gladney
Network Mgr
Space Telescope Science Institute
Email: gladney at stsci.edu
Voice: 410.338.4912
Public Key: ldap://certserver.pgp.com

---- Original message ----
>Date: Wed, 26 May 2010 02:49:47 -0400
>From: bind-users-bounces+gladney=stsci.edu at lists.isc.org (on behalf of Barry Margolin <barmar at alum.mit.edu>)
>Subject: Re: Opinions about zone configuration  
>To: comp-protocols-dns-bind at isc.org
>
>In article <mailman.1605.1274841042.21153.bind-users at lists.isc.org>,
> Gary Gladney <gladney at stsci.edu> wrote:
>> We have some people at my site who like a zone configured on our internal DNS 
>> server named xxxx.apple.com.  The zone information would not be replicated to 
>> our external server but I suggested this is not a good idea basically because 
>> the domain name of apple.com and if for some reason this zone information did 
>> replicate to our external server it would create some problems.  The reason 
>> for using this zone is they want to be able to update MAC's but when they are 
>> connected to our site they would use xxxx.apple.com and when they are not 
>> connected they would use apple.com.  If anyone else has an opinion about this 
>> I would like to hear it.
>
>Are you trying to run your own Software Update server?  You can 
>configure SU to go to a different server than the normal 
>swupdate.apple.com.  At my company, the Macs go to macupdate.<ourdomain>.
>
>But if you do what you said, I agree with the other response that 
>there's little danger.  First of all, how would the domain get 
>replicated "for some reason"?  Someone would have to explicitly add the 
>slave zone to the external server, how would that happen accidentally 
>(unless you have a script that automatically converts the internal 
>master's named.conf into a version for the external slave)?  And second, 
>there are no NS records delegating xxxx.apple.com to your server, so no 
>one will ever know it's there.
>
>It's like worrying about labeling your home phone with someone else's 
>number.  That won't cause you to start getting their phone calls.
>
>Barry Margolin, barmar at alum.mit.edu
>Arlington, MA
>*** PLEASE don't copy me on replies, I'll read them in the group ***

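The one accidental path raised in the quoted reply, a script that converts the internal master's named.conf into a version for the external slave, can be guarded by checking the generated file before it is deployed. The following is an added example, not part of the original thread: the example.edu domain, the sample configuration and the function names are constructed for illustration, and the parser assumes zone names are quoted and that comment markers do not appear inside quoted strings.

```python
import re

# Constructed sample: an external named.conf produced by a conversion script
# that copied every internal master zone as a slave (hypothetical content).
EXTERNAL_CONF = '''
options { recursion no; };
zone "example.edu" IN { type master; file "db.example.edu"; };
// zone "lab.apple.com" { type master; file "db.old"; };
zone "xxxx.apple.com" { type slave; masters { 192.0.2.53; }; file "db.xxxx"; };
zone "2.0.192.in-addr.arpa" { type master; file "db.192.0.2"; };
'''

# named.conf accepts C, C++ and shell style comments; strip them before parsing.
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)
# zone "name" [class] {
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{', re.IGNORECASE)

def zone_names(named_conf):
    """Return the zone names declared in named.conf text, comments ignored."""
    text = COMMENT_RE.sub("", named_conf)
    names = set()
    for match in ZONE_RE.finditer(text):
        name = match.group(1).lower()
        names.add(name if name == "." else name.rstrip("."))
    return names

def is_within(zone, domain):
    """True if zone equals domain or is a subdomain of it (label-aligned)."""
    return zone == domain or zone.endswith("." + domain)

def foreign_zones(named_conf, owned_domains, ignore=(".", "localhost")):
    """Zones the server would answer for that fall outside owned_domains."""
    owned = [d.lower().rstrip(".") for d in owned_domains]
    return sorted(
        z for z in zone_names(named_conf)
        if z not in ignore and not any(is_within(z, d) for d in owned)
    )

if __name__ == "__main__":
    owned = ["example.edu", "2.0.192.in-addr.arpa"]
    for zone in foreign_zones(EXTERNAL_CONF, owned):
        print("external server declares a zone outside our namespace:", zone)
```

Run against the generated external configuration, a non-empty result is a reason to stop the deployment and look at how that zone got into the file.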