| 1 |
On Wednesday 17 August 2011 23:51:12 Alan McKinnon wrote: |
| 2 |
|
| 3 |
> Long long ago (in the 90s) when a current colleague started working |
| 4 |
> here, he wanted access to the hidden primary (like your ns00). |
| 5 |
> |
| 6 |
> He was given a bare machine (no OS) with these instructions: |
| 7 |
> |
| 8 |
> It's 10am, by 4pm I want a name server running on that hardware, |
| 9 |
> authoritative for domain xxx.yyy.zzz, live on the internet, with |
| 10 |
> firewall installed and all reasonable security precautions taken. You |
| 11 |
> do not have to register xxx.yyy.zzz with any registrar, we will test |
| 12 |
> it with "dig @". |
| 13 |
> |
| 14 |
> He passed :-) |
| 15 |
|
| 16 |
A better man than me! |
| 17 |
|
| 18 |
> The same fellow 3 years later found one day that the company zone had |
| 19 |
> not loaded after an update (the name servers are self-hosted in that |
| 20 |
> zone) and the support person that did it had done it twice before |
| 21 |
> recently. Ten minutes later an ACL was in place and only systems could |
| 22 |
> edit the zone. The entire company was told to propose sub-domains for |
| 23 |
> their own teams and systems would delegate them - the uproar was |
| 24 |
> fantastic but he stood his ground. He was 100% right of course and we |
| 25 |
> still benefit today. |
| 26 |
> |
| 27 |
> Lessons learned: |
| 28 |
> - do not ever mess with your DNS admin |
| 29 |
> - $DEITY says "sir" in hushed tones when addressing the dns admin |
| 30 |
|
| 31 |
I enjoyed that tale - thank you Alan. |
| 32 |
|
| 33 |
-- |
| 34 |
Rgds |
| 35 |
Peter Linux Counter 5290, 1994-04-23 |
Archives