Human Errors as a Cause of DNS Failure

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Thu Sep 26 18:18:41 UTC 2002 

Cricket Liu <cricket at menandmice.com> wrote:

>> Does anyone have available a compendium of typical human errors that cause
>> DNS failures? Operational procedure recommendations to help avoid these
>> errors would be appreciated as well.
>>
>> I would be interested in concrete data regarding how typical these
> failures
>> are and what the costs of these failures are to those experiencing them.

> The results of our latest survey of 5000 subdomains of com is now online
> at http://www.menandmice.com/6000/61_recent_survey.html.  You might
> find that interesting:  It gives statistics on common misconfigurations.

How come that a group of admins for an area is so cluless and does
such a bad job ad dns admins seems to do. What other group of
professionals can get away with a 71.1% error rate ?? ( I certenly 
don't address the population reading and participating in this group,
in my opinion close to everyone who ever posted here has a better 
ability to manage dns then the "random dns-admin" observed in the study.)
I do address the countless junkies that is spreading all this junk
( and filling my logs with "Lame delagations"). 

Education is avaliable, cricket and others runs very good ones. Why
don't the knowledge spread out ? Are the general admin simply a
"point-and-click"-luser that happens to find a dark corner in the server hall ?


It's true that DNS has an amazingly stable design where redundancy
and retransmissions will cover up many problems. But why is simple
examinations of dns-servers sanity not done until a service breaks as
the last chain breaks ?



(Sorry could not resist. RIPE has some figures of simular type :
"http://www.ripe.net/ripencc/pub-services/stats/revdns/zcheck/ranking16.html")



> cricket

> Men & Mice
> DNS Software, Training and Consulting
> www.menandmice.com

> The DNS and BIND Cookbook, coming October 2002!
> http://www.oreilly.com/catalog/dnsbindckbk/



-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list