On Monday 09 Jan 2006 21:26, Christopher L. Morrow wrote:
> On Mon, 9 Jan 2006, Randy Bush wrote:
>>> It seems like maybe that is all too common. Are the 'best practices' documented for Authoritative DNS somewhere central?
>> 2182
> yes, yes.. people who care (a lot) have read this I'm sure... I was aiming a little lower :) like folks that have enterprise networks :) Or, maybe even registrars offering 'authoritative dns services' like say 'worldnic' who had most of their DNS complex shot in the head for 3 straight days :(
It is the old story of ignorance and cost, plus with DNS a "perceived loss of control".

In the UK many domains are registered with a couple of the cheapest providers, who do not do off-network DNS, and in the past one offered non-RFC compliant mail forwarding as a bonus. I've seen people switch the DNS part of a hosting arrangement to these guys to save about 10 USD a year. Of course people competing at those sorts of price levels offer practically no service component, so even if nothing dreadful happens it still turns into a false economy.

It reminds me of the firewall market, when the average punter had no idea how to assess the "security" aspects of a firewall, and so firewall vendors ended up pushing throughput, and price, as the major selling points. I know people who bought firewalls capable of handling 160Mbps of traffic, who still have it filtering a 2Mbps Internet connection, badly.

By and large the big ISPs do a good job with DNS, the end users do a terrible job. I think once you get to the size where you need a person (or team) doing DNS work full-time, it probably gets a lot easier to do it right.

Perhaps I should dust off my report on the quality of DNS configurations in the South West of England, and turn it into a buyer's guide?

That said I don't think doing DNS right is easy. I know pretty much exactly what my current employer is doing wrong, but these failures to conform to best practice aren't as much of a priority as the other things we are doing wrong. At least in our case it is done with knowledge of what can (and likely will eventually) go wrong.