[dns-operations] Another whitepaper on DDOS

WBrown at e1b.org WBrown at e1b.org
Wed Feb 27 14:15:39 UTC 2013

From: Daniel Kalchev <daniel at digsys.bg>
> There are lots of misconfigured domains on the Internet and plenty 
> clueless DNS admins. Those are the primary resistance to widespread 
> adoption of DNSSEC. Unfortunately, most management types who could 
> enforce an DNSSEC-only policy don't know or just don't care. For 
> most "does the web site open in a browser?" is good enough.

Yes, I was one of those clueless DNS admins.  I know more than I used to, 
but am I truly clueful?  The jury is still out.  When I started doing DNS 
here, a consultant set it up, said here's how you add records, and walked 
out the door.  Everything else I knew for the next 15 years I learned on 
my own, thanks to Albitz, Liu, and the Grasshopper Book.  I didn't even 
know about this list.  I finally took the three day Intro to BIND and DNS 
class 2 years ago.  The instructor talked about how most DNS admins 
learned from the tribal elders.  I wish I had had such a mentor!

A certain large software company has made it easy to install DNS servers, 
but because it is so easy, it doesn't require knowledge.  Without 
knowledge, cluelessness is inevitable.  The same applies to that companies 
email server.  For a long time I've said "Just because someone can install 
Exchange, doesn't mean they know what they're doing."  As long as 
management gets their web page and email, they're happy.  And if 
management is happy, why should they spend money to fix what isn't 
perceived as broken?  And would the DNS (or email) admin even recognize 
the brokenness? 

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.

More information about the dns-operations mailing list