Version: 2008
  • On GameSpot: Get ready for the Best of 2009 Awards!

Comments on: The sorry state of the domain name game

Jon Oltsik says the internal DNS system is busted and is surprised at how few people are taking notice.

Add a Comment (Log in or register) (10 Comments)
  • prev
  • 1
  • next
Hire UNIX peoples who have experience, MSCE will not do
by Goose October 4, 2005 4:43 AM PDT
"...BIND can be an absolute bear to manage as administration is
based on cryptic text file manipulation where one little mistake
can cascade through the entire network."
ALL UNIX applications rely on cryptic text files and are prone to
errors.
All you really need is someone who knows his job and can
manage/update UNIX applications.
Do not hire Microsoft "specialist" to work on a "real" system.
I have seen it happening too many times.
Reply to this comment
Hire UNIX peoples who have experience, MSCE will not do
by Goose October 4, 2005 4:43 AM PDT
"...BIND can be an absolute bear to manage as administration is
based on cryptic text file manipulation where one little mistake
can cascade through the entire network."
ALL UNIX applications rely on cryptic text files and are prone to
errors.
All you really need is someone who knows his job and can
manage/update UNIX applications.
Do not hire Microsoft "specialist" to work on a "real" system.
I have seen it happening too many times.
Reply to this comment
Hire UNIX people who have experience, MSCE will not do
by Goose October 4, 2005 4:44 AM PDT
"...BIND can be an absolute bear to manage as administration is
based on cryptic text file manipulation where one little mistake
can cascade through the entire network."
ALL UNIX applications rely on cryptic text files and are prone to
errors.
All you really need is someone who knows his job and can
manage/update UNIX applications.
Do not hire Microsoft "specialist" to work on a "real" system.
I have seen it happening too many times.
Reply to this comment
Hire UNIX people who have experience, MSCE will not do
by Goose October 4, 2005 4:44 AM PDT
"...BIND can be an absolute bear to manage as administration is
based on cryptic text file manipulation where one little mistake
can cascade through the entire network."
ALL UNIX applications rely on cryptic text files and are prone to
errors.
All you really need is someone who knows his job and can
manage/update UNIX applications.
Do not hire Microsoft "specialist" to work on a "real" system.
I have seen it happening too many times.
Reply to this comment
Is this article for real?
by October 4, 2005 7:53 AM PDT
Let me first point out that almost every argument in your article is actually a non-argument.

It is indeed a misfortune that DNS is vulnerable to all sorts of attacks. It is also a misfortune that operating systems are. That web servers are. That browsers and mail clients and messaging applications. All computer programs are vulnerable to attacks.

BIND has cryptic configuration files? It's human readable! Which also means something really bad for business. It's open. Anyone can use text processing on it. Would you expect 011100110110111011 to be more readable? Oh, I forgot. I need to "invest in tools" that read and process such uncryptic representations.

One has to invest in DNS training? Well, this is purely evil, since it can mean that one should not invest in anything having to do with human expertise in a certain domain. We do have tools that automate such tasks, like DNS management, right? Of course, these tools themselves are vulnerable to attacks. These tools must be managed. Let's just invest in "some-specific-tool training", not DNS training.

Depending on brains of techies instead of automated tools and repeatable processes? Any good techie will make automated tools which conduct repeatable processes to ease his job. Well, I'm wrong. This assumes that the tools use open formats and one is not dependent on the tool-maker to extend the DNS server. Which does mean less money to the bear. "Yikes!"

And the list can continue. I'm sorry, but we haven't arrived to the level where people aren't needed anymore to make the computer world a nice experience ... for whom? For other people. Like you, I hope that in the future we'll have a nice machine which CEOs can talk to and say "I need a perfect DNS for my organization" and the machine will autoconfigure itself by reading the CEOs mind.
Reply to this comment
And thats ignoring..
by October 4, 2005 10:09 AM PDT
Proper architecture...

"they often run DNS with antiquated versions of the Berkeley Internet Name Domain, or BIND, server software on a Unix platform."

In other words they do not upgrade to modern BIND software. So if a company is still running 95 does that mean 'windows' is antiquated? no it means that version is.

"In terms of IT operations, both BIND and Unix platforms have to be configured, patched and upgraded on a fairly frequent basis."

Unlike windows which never neds to be patched, upgraded, or configured? All systems need to be patched, upgraded, or configured anyone who tells you othersie probabally also has a bridge to sell you..

"If IT managers are diligent with these processes, they constantly take DNS servers offline. "

Unless *gasp* they run more than one DNS server like everyone should. BIND is so lightweight you dont need a devoted server for all but the most large scale applications. Anyone who would set up mission critical server and not have failover is nuts. I suppose the fact if you only have on domain controller in an AD and you shut it down the fact you lose your fismo roles it a weakness in windows, not an indication of bad architecture

"Even if the name servers themselves are well cared for, BIND can be an absolute bear to manage, as administration is based on cryptic text file manipulation"

if you cant use vi, just use webmin
View reply
Is this article for real?
by October 4, 2005 7:53 AM PDT
Let me first point out that almost every argument in your article is actually a non-argument.

It is indeed a misfortune that DNS is vulnerable to all sorts of attacks. It is also a misfortune that operating systems are. That web servers are. That browsers and mail clients and messaging applications. All computer programs are vulnerable to attacks.

BIND has cryptic configuration files? It's human readable! Which also means something really bad for business. It's open. Anyone can use text processing on it. Would you expect 011100110110111011 to be more readable? Oh, I forgot. I need to "invest in tools" that read and process such uncryptic representations.

One has to invest in DNS training? Well, this is purely evil, since it can mean that one should not invest in anything having to do with human expertise in a certain domain. We do have tools that automate such tasks, like DNS management, right? Of course, these tools themselves are vulnerable to attacks. These tools must be managed. Let's just invest in "some-specific-tool training", not DNS training.

Depending on brains of techies instead of automated tools and repeatable processes? Any good techie will make automated tools which conduct repeatable processes to ease his job. Well, I'm wrong. This assumes that the tools use open formats and one is not dependent on the tool-maker to extend the DNS server. Which does mean less money to the bear. "Yikes!"

And the list can continue. I'm sorry, but we haven't arrived to the level where people aren't needed anymore to make the computer world a nice experience ... for whom? For other people. Like you, I hope that in the future we'll have a nice machine which CEOs can talk to and say "I need a perfect DNS for my organization" and the machine will autoconfigure itself by reading the CEOs mind.
Reply to this comment
And thats ignoring..
by October 4, 2005 10:09 AM PDT
Proper architecture...

"they often run DNS with antiquated versions of the Berkeley Internet Name Domain, or BIND, server software on a Unix platform."

In other words they do not upgrade to modern BIND software. So if a company is still running 95 does that mean 'windows' is antiquated? no it means that version is.

"In terms of IT operations, both BIND and Unix platforms have to be configured, patched and upgraded on a fairly frequent basis."

Unlike windows which never neds to be patched, upgraded, or configured? All systems need to be patched, upgraded, or configured anyone who tells you othersie probabally also has a bridge to sell you..

"If IT managers are diligent with these processes, they constantly take DNS servers offline. "

Unless *gasp* they run more than one DNS server like everyone should. BIND is so lightweight you dont need a devoted server for all but the most large scale applications. Anyone who would set up mission critical server and not have failover is nuts. I suppose the fact if you only have on domain controller in an AD and you shut it down the fact you lose your fismo roles it a weakness in windows, not an indication of bad architecture

"Even if the name servers themselves are well cared for, BIND can be an absolute bear to manage, as administration is based on cryptic text file manipulation"

if you cant use vi, just use webmin
View reply
(10 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET