On Oct 31, 2012, at 4:02 PM, Doug Barton wrote:
> On 10/31/2012 03:56 PM, Mark Andrews wrote:
>> You are equating a practice that was techically wrong, and known
>> to be wrong from the get go, with one that has never been techically
>> wrong.
> 
> Yes, I'm making exactly the same judgment that typical users make. "It
> works, so it must be Ok."
> 
> The fact that we ("experts") can get away with something, whether it's
> technically right/wrong/indifferent not withstanding, doesn't mean that
> it's good advice for the average user.

I must disagree with my learned colleague here.

Introducing the extra subzone for the current subdomain also introduces extra 
work if DNSSEC is later introduced. It can also cause as many problems as it 
solves even in the absence of DNSSEC.

As for the possibility of administrator error in the future, and making things 
futureproof, I would assert that stumbling when bad assumptions cause problems 
is the quickest way to learn the proper rules of DNS. Designing a system to 
match the possible wrong-headed assumptions of future admins results in a 
system akin to Microsoft's DNS snap-in for MMC, whereby users then develop 
mistakes in their thinking about how DNS works and therefore are unable to 
properly troubleshoot and fix real problems when they occur.

I would prefer to promote a correct understanding of the actual rules of DNS.

Chris Buxton
BlueCat Networks
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to