That's make sense to me but the sysadmins want to the user to be able to automatically get updates from apple.com when they are off-site. I'm not how this is accomplished if the Mac's are setup to get updates from xxxx.apple.com which is only defined at my site but I'm not a Mac person. I know this is beyond the scope of this list but do you know of way to tell auto-updater on Mac to use a list? I suspect what they are counting is setting up auto-updater to use xxxx.apple.com and when it resolves locally it will get the update from our update server and if not then the resolver will drop the hostname and try to resolve apple.com and it should connect with apple.com update service.
Thanks, Gary Gary Gladney Network Mgr Space Telescope Science Institute Email: glad...@stsci.edu Voice: 410.338.4912 Public Key: ldap://certserver.pgp.com ---- Original message ---- >Date: Wed, 26 May 2010 02:49:47 -0400 >From: bind-users-bounces+gladney=stsci....@lists.isc.org (on behalf of Barry >Margolin <bar...@alum.mit.edu>) >Subject: Re: Opinions about zone configuration >To: comp-protocols-dns-b...@isc.org > >In article <mailman.1605.1274841042.21153.bind-us...@lists.isc.org>, > Gary Gladney <glad...@stsci.edu> wrote: > >> We have some people at my site who like a zone configured on our internal >> DNS >> server named xxxx.apple.com. The zone information would not be replicated >> to >> our external server but I suggested this is not a good idea basically >> because >> the domain name of apple.com and if for some reason this zone information >> did >> replicate to our external server it would create some problems. The reason >> for using this zone is they want to be able to update MAC's but when they >> are >> connected to our site they would use xxxx.apple.com and when they are not >> connected they would use apple.com. If anyone else has an opinion about >> this >> I would like to hear it. > >Are you trying to run your own Software Update server? You can >configure SU to go to a different server than the normal >swupdate.apple.com. At my company, the Macs go to macupdate.<ourdomain>. > >But if you do what you said, I agree with the other response that >there's little danger. First of all, how would the domain get >replicated "for some reason"? Someone would have to explicitly add the >slave zone to the external server, how would that happen accidentally >(unless you have a script that automatically converts the internal >master's named.conf into a version for the external slave)? And second, >there are no NS records delegating xxxx.apple.com to your server, so no >one will ever know it's there. > >It's like worrying about labeling your home phone with someone else's >number. That won't cause you to start getting their phone calls. > >-- >Barry Margolin, bar...@alum.mit.edu >Arlington, MA >*** PLEASE don't copy me on replies, I'll read them in the group *** >_______________________________________________ >bind-users mailing list >bind-users@lists.isc.org >https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
