DNS Is for People – Not for IT Infrastructure

DNS Is for People – Not for IT Infrastructure(louwrentius.com)

24 points by louwrentius 4 hours ago | 12 comments

gfody 40 minutes ago |

> we'll just use /etc/hosts no DNS required!

this is classic "easy vs. simple" folly, witness how someone too lazy to [learn how to] setup proper DNS for their infrastructure will do 10x the work hacking something "easy"

necovek 53 minutes ago |

It is not really true that DNS is for people only: it is used as an aliasing system, for load balancing, and for caching (with no cache invalidation mechanism other than ahead-of-time TTL setting).

It is used to make entire protocols work (MX records for email, but SRV records are used for much more).

Now, if we do look at the most basic of basic DNS roles — mapping a human readable name to arbitrary set of numbers identifying a machine on the network — we should consider how do we avoid some of the issues while keeping all of the benefits of DNS.

Eg. if we indeed "materialize" machine identifiers, we lose the ability to do virtual hosting (domains not passed in) or fix a problem with just a DNS update (eg. treating load-balancing machines like cattle).

The author jumps immediately to, arguably, ill advised materialization techniques like /etc/hosts, without considering all that DNS does for a complex, real world system and what goes missing.

jaredhallen 58 minutes ago |

Seems like a weird crusade. Pointing everything directly at the IP address might not seem so swell when it's time to upgrade the server or the address has to change for some reason. Sure would be nice to just update the DNS record to point to the new address.

themafia 45 minutes ago | |

> or the address has to change for some reason

One annoying reason is you don't own it/have access through the owner anymore.

> Sure would be nice to just update the DNS record to point to the new address.

EC2. Elastic IPs are easy enough, but, precisely, I would just like to make a Route53 alias for an EC2 instance and not even have to care.

Bratmon 2 hours ago |

> Instead of configuring domain names that may not resolve, we can just directly inject the appropriate IP address(ess) into configuration files

Because now you've replaced one single point of failure configuration system with caching and TTLs (DNS) with a higher maintenance and much less widely supported one.

bot403 10 minutes ago | |

Not to mention losing load balancing and failover.

samrus 53 minutes ago |

But whats the problem woth using DNS internally? Given the system is already present, and moving away fron it would be effort. Seems like a nitpick

jghefner 19 minutes ago |

> It's easy to configure systems with tools like Ansible or pyinfra at scale.

Tell me that you've never used Ansible at scale without telling me that you've never used Ansible at scale.

mixdup 1 hour ago |

"just use /etc/hosts" is wild. That is effectively just going from one DNS server servicing all of your machines to having bespoke DNS servers individually running on every host. madness

denkmoon 21 minutes ago |

This is what happens when you take the "it was DNS" meme too seriously. DNS is brilliant. Learn it. If you're really that ideologically opposed to such brilliance, just use the addresses directly. The system described is insane.

linksnapzz 2 hours ago |

Counterpoint: DNS isn't used enough; consider replacing sssd/AD with Hesiod.

themafia 42 minutes ago |

> The case against DNS for internal IT infrastructure

In SOHO settings I might actually agree, but, this is where I think site administered and distributed multicast DNS was a missed opportunity.