On Mon, 22 Jul 2019 at 14:00, Dan Mahoney <dmaho...@isc.org> wrote:

> On NOTE:
>
> Moving to the DNS-vendor standard answers of "just use DDNS" or "put it in
> an IPAM" add additional complexity, and additional attack surfaces. DNS
> servers have a tenuous relationship with database backends, and I spend
> enough time patching my DNS servers without having to patch an IPAM.

"Just use DDNS" is actually harmful advice in many situations, for exactly the reasons you've raised. Maintaining versioning and "blame" (who made what change when) is overly complex when trying to use DDNS-based zone maintenance. Not to mention I can put together a fairly decent zone change management process using version control and zone files with off-the-shelf software that any small enterprise can make use of ... there just aren't any good OSS zone editors based on DDNS that I'm aware of, and small enterprises can't afford to do a ton of in-house software development to make something purpose built.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop