[dns-operations] Operations vs. the lab (Was: What would it take...)
m3047 at m3047.net
Thu Mar 12 16:41:14 UTC 2015
Doug Barton changed the topic, so I hope this isn't too far off the new

On Wed, 11 Mar 2015, Doug Barton wrote:
> [...] to prevent zone walking. We were routinely told that it was stupid
> to care about the contents of your zones, since that was all data that
> is published on the public Internet anyway.

I don't think anyone is claiming that common operational practices
(*cough* DNS over TCP) are always "the best way forward".

Let me tell you how I "own" your statement in my own mind: The DNS gurus
told us all of our stuff is already on the internetz and that we're stupid
to care about it. Gee maybe they're right. Well I'm still not going to
make it easy. ***Guess I don't need to worry about monitoring this
stuff, so I'll take that off my quarterly operational objectives.***

Fast forward to the current day (*cough* hot server rooms) and we can see
that a disservice has been done, although it is unclear whether it is
self-inflicted or not. Because the guru has spoken, we're not doing any
monitoring and so nobody is the wiser (if you're serving assets to some
large company's mobile app's customers while they remain blissfully
unaware for TWO YEARS clearly this is true!).

I'm not attending IETF events, so I don't know what is occurring, but this
is one of the problems with gurus: not only do they irritatingly tell you
what to do, but we tend to believe them until they make fools of
themselves. Gurus also tend to think they're doing everything they can; we
can even assume the correct words were mumbled on occasion, but we can see
where we are and what stuck with the recipients.

(Maybe the lesson should have been BECAUSE your dirty laundry is all over
the internet, you really ought to monitor it.)

If we really want to "step up" a rung or two on the operations and
security ladder, communication needs to improve.