On Oct 31, 2012, at 4:02 PM, Doug Barton wrote:
> On 10/31/2012 03:56 PM, Mark Andrews wrote:
>> You are equating a practice that was techically wrong, and known
>> to be wrong from the get go, with one that has never been techically
>> wrong.
>
> Yes, I'm making exactly the same judgment that typical users make. "It
> works, so it must be Ok."
>
> The fact that we ("experts") can get away with something, whether it's
> technically right/wrong/indifferent not withstanding, doesn't mean that
> it's good advice for the average user.
I must disagree with my learned colleague here.
Introducing the extra subzone for the current subdomain also introduces extra
work if DNSSEC is later introduced. It can also cause as many problems as it
solves even in the absence of DNSSEC.
As for the possibility of administrator error in the future, and making things
futureproof, I would assert that stumbling when bad assumptions cause problems
is the quickest way to learn the proper rules of DNS. Designing a system to
match the possible wrong-headed assumptions of future admins results in a
system akin to Microsoft's DNS snap-in for MMC, whereby users then develop
mistakes in their thinking about how DNS works and therefore are unable to
properly troubleshoot and fix real problems when they occur.
I would prefer to promote a correct understanding of the actual rules of DNS.
Chris Buxton
BlueCat Networks
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
