[TriLUG] Are we Admins or not? - was Re: problems IPv6 has helped solve
Jonathan Woodbury
jpwoodbu at mybox.org
Tue Apr 19 12:01:53 EDT 2011
> It's only prone to negligence if *you* are negligent! Bad argument against a valid technical solution, when the problem isn't technical. Of course everyone's level of comfort is different. Views are no harder to maintain than any other DNS setup.
Maybe I should have stressed simplicity instead of negligence.
"Simple is better than complex." I have to disagree that views are no
harder to maintain than other DNS setups. I would assert that views
require twice the maintenance that a setup without views requires. I
would also assert that a dual stack solution to the problem I
described is easier to maintain on a regular basis than dual zones.
I've been on a team that brilliantly managed an external and internal
zone setup. Recently, I've been victim to poor, outsourced, IT work.
And the very scenario I painted did happen due to actual negligence.
This is a problem that can be addressed on a technical and a people
level. We're addressing it on both. :)
>I personally and professionally keep seeing a repeating pattern of arguing against doing something because it requires us to actually be Systems Administrators.
I feel like arguing for simplicity is reasonable. I hope those
arguments don't fall into the pattern to which you're referring.
>Example: We can't put that box on the Internet, it's not secure, so let's put it behind NAT instead. NAT gives a false sense of security, the box is either secure as we can make it or it isn't. Don't get me wrong in this example I'm not saying there are not valid reasons to use network topology to add some protection. What I am saying is that lack of willingness to put in the effort to do things right, should drive our decision making process.
>
>
> These comments are a generality and not directed at the OP. :)
Understood. :)
>
>
> Matt P.
More information about the TriLUG
mailing list