

CC: dnsop@cafax.se
From: "Eric A. Hall" <ehall@ehsco.com>
Date: Sun, 22 Apr 2001 10:09:40 -0700
Sender: owner-dnsop@cafax.se
Subject: Re: Tips for DNS zone administration


> if you wish your work to actually be useful, as opposed to a polemic,
> you may want to stick to what is technically correct, as opposed to
> your particular view of what is operationally useful and advisable.

A lot of the problems with DNS are administrative in nature, and it's
pretty good advice to suggest avoiding admin traps. The technology working
right on poorly-managed names still causes lookups to fail.

EG, making www.example.com an NS for example.com is technically allowable,
but registering the IP address of www.example.com as a host record in a
delegation parent is a bad idea from an administrative POV. You will not
be able to change the glue data and the in-zone data at the same time, and
some servers out there still use delegation data as answer data even
though they shouldn't, so www.example.com may still show up in answers for
a week or so until you get it fixed and the TTLs expire.

If you had used some other machine for the NS delegation, you could move
www.example.com much easier. You still have to wait for TTLs to expire,
but you don't have to go through the rigamarole of getting NSI or whoever
to update the host entries for your web server. Also, you have better
control over TTLs when the records only appear in your zone.

These admin problems DO interfere with the technology's usability. They
should be clearly defined as admin problems though.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
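
The glue problem described in the message above can be checked mechanically. The following is an added example, not part of the original message: it compares the glue a parent holds for a delegation with the child zone's own A records and flags NS names that double as service hosts. All names, addresses and the `SERVICE_NAMES` set are constructed sample data and assumptions.

```python
# Added example with constructed data (documentation address ranges).

def norm(name):
    """Lower-case a DNS name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def audit_delegation(parent_ns, parent_glue, zone_a, service_names):
    """Return sorted (name, issue) findings for one delegation.

    parent_ns:     NS names listed in the parent zone
    parent_glue:   {name: set of glue addresses registered in the parent}
    zone_a:        {name: set of A addresses in the child zone}
    service_names: names the operator expects to move (assumption)
    """
    glue = {norm(k): set(v) for k, v in parent_glue.items()}
    zone = {norm(k): set(v) for k, v in zone_a.items()}
    services = {norm(n) for n in service_names}
    findings = []
    for ns in map(norm, parent_ns):
        registered = glue.get(ns)
        if not registered:
            continue  # no host record in the parent, nothing to go stale
        if ns in services:
            # Moving this host requires a registry update, not just a zone edit.
            findings.append((ns, "service-name-has-glue"))
        if ns not in zone:
            findings.append((ns, "glue-without-zone-record"))
        elif registered != zone[ns]:
            # Servers that answer from delegation data will hand out the old address.
            findings.append((ns, "glue-differs-from-zone"))
    return sorted(findings)

# Constructed scenario: www was moved in the zone, the parent still has the old glue.
PARENT_NS = ["WWW.example.com", "ns2.example.com."]
PARENT_GLUE = {"www.example.com.": {"192.0.2.10"}, "ns2.example.com.": {"192.0.2.53"}}
ZONE_A = {"www.example.com.": {"198.51.100.80"}, "ns2.example.com.": {"192.0.2.53"}}
SERVICE_NAMES = {"www.example.com", "mail.example.com"}

if __name__ == "__main__":
    for name, issue in audit_delegation(PARENT_NS, PARENT_GLUE, ZONE_A, SERVICE_NAMES):
        print(f"{name}\t{issue}")
```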
