I Don't Want to Say "I Told You So"...
Cricket Liu (Infoblox)
...especially at the expense of the excellent folks who run .SE, but wasn't I just writing last month about everything that can go wrong in a manually administered DNS environment? In fact, didn't I specifically say:
"Use a trailing dot to prevent the origin from being appended to a domain name. After editing a zone data file, increment the serial number and reload. Forget any one of those and you've caused an operational issue, maybe even an outage."
Well, it looks like .SE had one of those very problems.
Don't get me wrong: The folks at .SE know what they're doing. They were the first TLD to roll out DNSSEC, for example. This just goes to show you that even the best of us - even folks whose livelihood is DNS - make mistakes. That's why tools that reduce the chance of making those mistakes are so important.
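As an added illustration (not code from the original post or from any Infoblox product), here is a small lint for two of the slips in the quote above: a forgotten trailing dot and a serial number that was not incremented. The zone contents, the `lint_zone` and `expand` names, and the one-record-per-line assumption are constructed for this example.

```python
# Added example: lint a BIND-style zone file for two slips named in the quote.
NAME_TYPES = {"NS", "CNAME", "MX", "PTR"}  # record types whose RDATA ends in a domain name

def expand(name, origin):
    """Master-file rule: a name with no trailing dot has the origin appended."""
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(text, origin, previous_serial=None):
    """Return (line_no, message) warnings. Assumes one record per line,
    including a single-line SOA; serials are compared as plain integers."""
    warnings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments and treat SOA parentheses as whitespace.
        fields = raw.split(";", 1)[0].replace("(", " ").replace(")", " ").split()
        if "SOA" in fields:
            # SOA RDATA order: mname, rname, serial, ...
            serial = int(fields[fields.index("SOA") + 3])
            if previous_serial is not None and serial <= previous_serial:
                warnings.append((no, f"serial {serial} not incremented past {previous_serial}"))
            continue
        rtype = next((f for f in fields if f in NAME_TYPES), None)
        if rtype is None:
            continue
        target = fields[-1]
        # Heuristic: a multi-label target with no trailing dot is usually a
        # fully qualified name whose dot was forgotten.
        if "." in target and not target.endswith("."):
            warnings.append((no, f"{rtype} target '{target}' expands to '{expand(target, origin)}'"))
    return warnings

# Constructed sample zone (not from the original post).
SAMPLE = """\
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. ( 2009101401 7200 900 1209600 3600 )
@   IN NS  ns1.example.com.
@   IN NS  ns2.example.com      ; trailing dot forgotten
www IN CNAME web                ; relative on purpose, fine
@   IN MX  10 mail.example.com.
"""

if __name__ == "__main__":
    for line_no, msg in lint_zone(SAMPLE, "example.com.", previous_serial=2009101401):
        print(f"line {line_no}: {msg}")
```

Run as a pre-publish check, passing the serial currently being served as `previous_serial`; a non-empty result should block the reload.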
Oct 14, 2009 at 4:23 AM
One thing to bear in mind is that like their real-world counterparts, software tools need to be maintained and checked over every once in a while... Even if you treat your DNS server like a toaster, you still have to clean out the crumb tray every now and again!
Our in-house IPAM system recently ran into a problem updating zone files, and as a result we managed to publish a zone file that was syntactically correct but incomplete. As a result of this, we disappeared off the internet for a short time.
Fortunately, I had set up relatively short $TTLs and negative caching periods on all of our zones, but it still took a few hours for everything to shake out!