[dns-operations] [OT] What are the most desirable skills, experience & education for [becoming] a good "DNS engineer"?

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Fri Jan 31 00:15:57 UTC 2014


Can't think of whether such a person could exist...even though I have to
varying degrees a lot of those skills...but I'm a Unix Systems
Administrator....and have been in and around Unix since 1987.  Though
started out as an EE (with minor in Computer -- they didn't offer a
major until a few years after I graduated) working as a research
engineer in the field of combustion dynamics (the company had some
sophisticated simulation software that ran on a Honeywell mainframe and
limited versions on DOS, when they decided they would go commercial and
develop it for Unix with a X/Motif interface, etc.)

I did a lot of other things while there...like first network, getting a
full-time internet connection....(ISDN)....trying to balance security
and access.  It had been decreed that the accounting system would be on an
isolated network from the rest of the Engineers.  Which also meant no
Internet access.  But, the Office Administrator wasn't happy with having
to use a separate computer to access the Internet.  So, the first thing
after I got laid off...she connected the two networks together (which
worked because they had been one network originally, the network got
infected....which was before we got the Internet.)

Then a Software Engineer for an enterprise software company. (where
early on the company was acquired and one of the first people to get
downsized was the Unix manager...)

Here at KSU, networking group runs DHCP (it's a pair of Sun V240's, sol9
and isc dhcpd 3.x....hasn't been patched or anything since they set it
up in 2006) while the unix servers group runs DNS.

After hearing the presentation by Shumon Huque...who identified himself
as DNS Architect for PSU, my manager said I'm the DNS Architect for KSU
(yeah, all the old servers have gone away since I took it on...and it's
quite different than it was before.... like going DNSSEC and doing views
- which the previous DNS administrator said wasn't possible, when I had
asked why he didn't do that.)

Someday somebody is going to register the fake tld that we used and
cause all kinds of problems.

Did DNSSEC completely on my own, someday we should throw out the scripts
I came up with that keep it working and replace it with something more
robust.  Plus since I finally got some DNSSEC training...there's other
things I could have done differently, etc.

We used to be very much into security, until a separate security group
was formed and now we're supposed to just do whatever they tell us for
firewall changes (though I've pushed back a few times, and won on
occasion...) or other access controls.

I know some DHCP, since I run it at home...two servers doing
failover/balancing....

I'm also the primary for managing our F5 (just LTM at the moment)...the
only one that does the more complicated stuff, like iRules, SSL,
oneconnect.... or upgrading from 9.3.1 to 10.2.3 (and later to 10.2.4).
 Users want us to have 11.4+, but the software only went to 11.1 for the
hardware (support ends on 11.1 before the hardware support does....while
support for 10.2.4 matches the end of hardware support.)

We have a new pair on order...and we're looking at doing GTM and
purchasing external secondary services (anybody have a list of companies
that sell this service?)

I hope to get access to some training on 11.4, along with GTM. (I've
only had the basic and advanced LTM 9)  And, I have some scripts running
on our F5s calling bigpipe....

But, I'm pretty weak on Windows....and I'm moving to the point where I
want to be Windows-free.  Even though until a couple years ago, I used
to be the odd guy in the Unix group with a Windows desktop.  But then I
got a new computer, was plagued by all kinds of 'hardware' problems...so
boss dropped a 27" iMac on my desk, and offered to help me toss the
Windows computer off the loading dock. (though it's now my quite stable
FreeBSD workstation....)

Though we did recently get my bind servers to be secondary for central
AD (the Windows administrators weren't comfortable with turning off
recursion on their servers to stop being open query resolvers....)
Though I know nothing about what they did on the AD side to make it work
after it was found that it didn't work at first (though I suspect they
had initially selected the bind option, that makes it talk
BIND4...though they also had a problem where it thought it was
authoritative for subnets that didn't belong to them...but they have
servers in, and one of the DNS vlans falls in that subnet.)

Yea....don't know how one would identify a good candidate as you have
described.  Just as I've been unable to identify some good candidates
that are my clones for my manager.

On 01/29/14 12:27, Stefan wrote:
> I know this may sound a little odd, but have been struggling with trying
> to identify a good candidate for a DNS (& DHCP) migration of a large
> infrastructure, from Windows based environment, to a vendor based
> appliance (and keeping such as a full time employee, in the process, in
> the network group, for administration and lifecycle of such). 
> 
> I would think that primordial to a level of strong engineering abilities
> would be networking (TCP/[UDP]/IP on top of which DNS as protocol and
> its behaviors knowledge would be a must). The OS level knowledge comes
> next, as bind on *nix or on F5 (thinking GTM here), for example, needs
> to be comprehensively understood, as well as the Windows implementation
> and relationship between DNS and AD. Security comes as a "given", of
> course, as name resolution is critical from that stand point, especially
> on the public facing part. Vendor "X" appliance background is also
> desirable, on top of all these, 'cause that would be the "moving to"
> point, and understanding specifics will be critical. Add to this
> knowledge of applications and possible name resolution specifics at
> layer 7, maybe not following the "rules" of the OS stubs, and I pretty
> much covered the entire computer science spectrum ;-)
> 
> Considering all of the above - what is your experience and/or opinion in
> regards to how a good DNS engineer (or a good engineer with primary
> responsibility in another technology) came to become? What helped you
> the most in becoming one?
> 
> Thank you,
> ***Stefan 
> 
> 
> 

-- 
Who: Lawrence K. Chen, P.Eng. - W0LKC - Sr. Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally


