[TriLUG] Are we Admins or not? - was Re: problems IPv6 has helped solve

[Matt Pusateri]

On Apr 19, 2011, at 12:48 AM, Jonathan Woodbury wrote:

>  could use a DNS solution for this problem.  But many of those
> solutions require that I maintain completely independent zones for
> private and public views.  What a pain, and so prone to negligence!
> Maybe a DNS proxy solution or firewall DNS rewrite is possible?  But
> now we're still talking adding unnecessary complexity to our network.


It's only prone to negligence if *you* are negligent! Bad argument against a valid technical solution, when the problem isn't technical.  Of course everyone's level of comfort is different.  Views are no harder to maintain than any other DNS setup.  I personally and professionally keep seeing a repeating pattern of arguing against doing something because it requires us to actually be Systems Administrators.  Example: We can't put that box on the Internet, it's not secure, so let's put it behind NAT instead.  NAT gives a false sense of security, the box is either secure as we can make it or it isn't.   Don't get me wrong in this example I'm not saying there are not valid reasons to use network topology to add some protection.  What I am saying is that lack of willingness to put in the effort to do things right, should drive our decision making process. 


These comments are a generality and not directed at the OP.  :)


Matt P.