February 4, 2012

This Theory, That I Have, That Is to Say, Which Is Mine...

April 26 2010 by Cricket Liu (Infoblox)

Waaaay back when I ran hp.com, I had what I only now realize was an enviable position:  I was HP’s hostmaster (the somewhat-ceremonial title given to the person responsible for a zone) but not much else.  I dabbled in NTP and ran a big mail relay, but the bulk of my responsibility was DNS.  From when I got to work in the morning to when I left in the evening, I could concentrate on DNS.

At the time, I didn’t realize what a luxury that was.  I figured every big company probably had a person dedicated to DNS.  And in those days, some did.  Partly, this was because we hostmasters could get away with it.  DNS was such a black art that you could simply assert that it took up most of your time and your management wouldn’t know any better.

How the times have changed.  I’ve had the opportunity to meet the folks responsible for DNS at many big companies, but I hesitate to call them “hostmasters”—not because they don’t deserve the customary title, but because it sells them short.  These people run routers, switches, firewalls, mail servers, and more.  Almost no one has the luxury of specializing in DNS any more.  The economic climate dictates that we all take on more responsibilities to make our employers more competitive.

Because we can’t afford to coddle our DNS administrators any more, we can no longer assume the same skill set of those admins.  I hope that doesn’t sound disparaging—it’s not meant to be.  But a modern DNS administrator can’t burn a full day trying to figure out some nuance of how a BIND name server works.  He needs answers right away, and then he needs to move on to the next problem.

I think this problem is just going to get worse.  Computer science enrollment is down, way down.  At a recent visit to Sonoma State University (to talk about DNSSEC, natch), I asked the faculty about the trend over lunch.  During the .COM boom, CS enrollment at the campus was about 400 students.  It’s about half that now.

This means that the supply of IT administrators of all stripes will dwindle over the coming years (unless of course enrollment jumps).  That, combined with the “doing more with less” trend, means even more work for current admins.  Which argues, I believe, for better tools and, especially, increased automation.  I think the challenge we’ve had implementing DNSSEC is evidence of this:  We engineered the protocol and the implementations for a world gone by, where admins had time to read RFCs, man pages and big blue books; and to do all their work from the command line.  Only now are we putting the necessary effort into automating as much of DNSSEC as possible, and only now is adoption accelerating.

 

Posted in DNSSEC | BIND | Automation | 2 comments

2 responses to “This Theory, That I Have, That Is to Say, Which Is Mine...”

  1. david Says:

    Totally agree. But this does not only apply to DNS, but to every section in IT currently.
    There is also a big problem currently with a misconception of what IT does, and what kind of department it is, and the low number of people applying for CS is that the curricula aren't worth much because they are too generalized, and provide no real work experience, and most universities don't want to invest in an ever-changing career that is expensive to keep up.
    So, IT is centralizing, automating, and 80% of the time, the people leading IT do not understand IT (from university to CEO, CFO, and even some "IT management").
    The smaller the company, the more misunderstood IT is, and the more concentrated it is.
    David
    IT "manager" for 100 users (net admin, exchange, DNS, webmaster, etc, etc etc)
  2. Eric Says:

    This is fairly spot on, and the problem grows even larger the smaller the organization.

    IT Administrators need tools that enable them to do more with less. I don't necessarily believe the days are completely gone, as I have witnessed fairly large organizations that still have teams dedicated to managing DNS and similar services. It is still too critical a service to simply let sit along the wayside.

    Again, the problem is always smaller shops when time is prioritized. If services such as DNS are simply functioning, then features and value adds are going to be pushed aside for more emergent issues. The problem with life in general is there is always something emergent! IT has devolved into a very interrupt-driven atmosphere, and forward thinking often takes a back seat to the fire brigade.

    All of this screams there is a huge demand for ready-made, out-of-the-box replacements that simply work.
