[Sysadmins] Eircom DNS

Declan Kelly stdlib at groov.ie
Thu Jul 9 22:07:21 IST 2009


On Wed, Jul 08, 2009 at 10:41:34PM +0100, paul at jakma.org wrote:
> 
> > Timely updates to root hints.
> Why does that need end-user expertise?

Very few aspects of well designed and well maintained systems need
any end-user or even sysadmin expertise, while running as planned.

As James said, it's not so important how well something works, as how
gracefully (or not) it fails. And who can respond (or even notice).

Before the most popular home computer OS made it more difficult to
delete system files, that kind of thing was common:
"What do you mean, it's a bad idea to delete all those DLL files? I need
disk space for all these RAR files with yesterday's 0day warez in them".
And the helpdesk was expected to remotely fix it.

> I bet you'd have trouble finding any *professional* systems admins 
> who even know what you're talking about, never mind diagnose problems 
> with them.

Any *good* professional admin will make it his or her business to find
out what you're talking about, and estimate how much work is involved in
diagnosing and/or fixing the problems. I have the relative luxury of not
having to deal directly with much MICROS~1 software (example: I don't
know if Vista still has the legacy of 8.3 filenames), but if a Micros~1
bug threatens the stability of any systems that I am responsible for, I
have to find out about it (example: Doze 2003 doing repeated dynamic DNS
updates to authoritative nameservers once a second, and not giving up if
the rest of the Internet refuses the updates).

> a) DNS scales out horizontally pretty well

It does that better than most Internet services do, but that doesn't
mean that it has to be scaled out.


> b) Deploying some extra auth. DNS servers seems a lot cheaper to me
>     than having a cracker be able to MITM people's sessions to their
>     banks at the ISP-scale

Having every end-user home and office computer running their own DNS
resolver is not going to make it less likely that someone can do bad
things - attacks on authoritative nameservers are more effective than
going after the resolvers of any large consumer ISP, for example.


Getting back to the original post, the outage (and Eircom's response to
it) reminded me of the official responses when Indigo accidentally made
the Internet Eireann etc.tgz and ieie_www.tgz files available on their
public FTP server (but just not under /pub).
The big difference being that it got fixed more quickly this time,
without waiting for a quarterly audit...

Since when has the volume of anyone's Internet traffic ever *not* been
"unusual and irregular" to some degree? Even with UUCP over a 2400 baud
dialup (in ye olden times) there was irregularity and unusualification.

-- 
-Dec.				Consultant Sysadmin, Dublin.
---
"I am very new to programming drivers so if I sound un-knowledgeable
 then it's because I am." - Ceri Coburn, First4Internet, 2003-03-28


