My whole approach is predicated on the theory that we have to take the human out of the admin loop if any data in the DNS is going to be worth using.

Network admin is painful because you have multiple systems that need to be kept in sync: you have the service configuration, the DNS, the network, the firewall/NAS and of course the WebPKI. The admin model is that all the network config information goes into one place that serves as the source of truth from which all the component configurations are computed.

On Wed, Feb 26, 2025 at 7:48 PM George Michaelson <g...@algebras.org> wrote:

> In the same spirit, I know a group using them but they're so prone to
> bitrot, from OS upgrade, which with virtuals is a low cost operation and
> mostly avoids issues for the real job of the machine: individuals' keying
> info is in their home states which copy in from other places, but the SSHFP
> information is recreated in the new VM build, and then nobody remembers to
> update the central view.
>
> I think the record itself structurally is fine. But the operational duty
> cycle over it is probably not adequately integrated into systems. "Don't
> forget to update your SSHFP record for this host" or "I am re-using the
> host SSHID information you copied into my install process" type stories
> would help.
>
> -G
> _______________________________________________
> Ssh mailing list -- s...@ietf.org
> To unsubscribe send an email to ssh-le...@ietf.org
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
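
As an added example, not part of the original thread and not code from either poster: a drift check for the failure described in the quoted message, where a rebuilt VM gets new host keys but the published SSHFP records are never updated. It computes SHA-256 SSHFP RDATA from OpenSSH public key lines and compares it with a zone snippet; the host name, zone text, function names and sample keys are constructed for illustration, and the zone parser assumes one record per line with an explicit owner name.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers: RFC 4255 (RSA, DSA), RFC 6594 (ECDSA), RFC 7479 (Ed25519)
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

def sshfp_rdata(pubkey_line):
    """(algorithm, fptype, hex) for one OpenSSH public key line; fptype 2 = SHA-256."""
    keytype, b64 = pubkey_line.split()[:2]
    algo = 3 if keytype.startswith("ecdsa-sha2-") else ALGORITHMS[keytype]
    # The fingerprint is the hash of the decoded key blob, not of the base64 text.
    return (algo, 2, hashlib.sha256(base64.b64decode(b64)).hexdigest())

def parse_zone_sshfp(zone_text):
    """{owner: {(algo, fptype, hex)}} from SSHFP lines (assumes explicit owner per line)."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()      # drop trailing comments
        if "SSHFP" not in fields:
            continue
        i = fields.index("SSHFP")
        owner = fields[0].rstrip(".").lower()
        fp = "".join(fields[i + 3:]).lower()     # hex may be split by whitespace
        records.setdefault(owner, set()).add((int(fields[i + 1]), int(fields[i + 2]), fp))
    return records

def drift(host, pubkey_lines, zone_records):
    """Return (missing, stale): live keys not published, published keys no longer live."""
    live = {sshfp_rdata(line) for line in pubkey_lines}
    published = {r for r in zone_records.get(host.rstrip(".").lower(), set()) if r[1] == 2}
    return live - published, published - live

def constructed_ed25519_line(raw32):
    """Constructed sample key line (wire-format blob around 32 filler bytes)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    old_key = constructed_ed25519_line(b"\x01" * 32)   # key before the VM rebuild
    new_key = constructed_ed25519_line(b"\x02" * 32)   # key generated by the rebuild
    zone = "vm1.example.net. 3600 IN SSHFP 4 2 %s\n" % sshfp_rdata(old_key)[2]
    missing, stale = drift("vm1.example.net", [new_key], parse_zone_sshfp(zone))
    for algo, fptype, fp in sorted(missing):
        print("publish: vm1.example.net. IN SSHFP", algo, fptype, fp)
    for algo, fptype, fp in sorted(stale):
        print("withdraw: vm1.example.net. IN SSHFP", algo, fptype, fp)
```

Run as part of the VM build or on a schedule, a non-empty result from `drift` is the signal that the central view no longer matches the host.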