On Wednesday 17 August 2011 23:51:12 Alan McKinnon wrote:
> Long long ago (in the 90s) when a current colleague started working
> here, he wanted access to the hidden primary (like your ns00).
>
> He was given a bare machine (no OS) with these instructions:
>
> It's 10am, by 4pm I want a name server running on that hardware,
> authoritative for domain xxx.yyy.zzz, live on the internet, with
> firewall installed and all reasonable security precautions taken. You
> do not have to register xxx.yyy.zzz with any registrar, we will test
> it with "dig @".
>
> He passed :-)

A better man than me!

> The same fellow 3 years later found one day that the company zone had
> not loaded after an update (the name servers are self-hosted in that
> zone) and the support person that did it had done it twice before
> recently. Ten minutes later an ACL was in place and only systems could
> edit the zone. The entire company was told to propose sub-domains for
> their own teams and systems would delegate them - the uproar was
> fantastic but he stood his ground. He was 100% right of course and we
> still benefit today.
>
> Lessons learned:
> - do not ever mess with your DNS admin
> - $DEITY says "sir" in hushed tones when addressing the dns admin

I enjoyed that tale - thank you Alan.

-- 
Rgds
Peter
Linux Counter 5290, 1994-04-23