allow-update in global options (was Re: bind and certbot with dns-challenge)

G.W. Haywood bind at jubileegroup.co.uk
Mon Mar 18 10:53:12 UTC 2019 

Hi there,

I've been reading this exchange with growing frustration, and I hope a
forthright response will be excused - especially since I now have to
dash out to the hospital so I don't have more time to work on this.

On Mon, 18 Mar 2019, or possibly earlier, Alan Clegg wrote:

> The change was an unintended consequence ...

Please try not to let things like that escape into the wild, and
please, please, NEVER turn them into deliberate actions purely for
your own convenience.  If this means that you have to pull a release,
then so what?  You've put me first.  That's fine by me.

> How many zones are you authoritative for?  Would it be a major
> difficulty to (once) change the existing zones and then modify your
> provisioning to add the "allow-update" option in the zone stanza?

Please don't even *think* questions like that.  Maybe you could code
it yourself, and send the script out with the next release, and take
the flack when it breaks, and next time, well, not do it.

> ... roasted because they don't read the release notes.

Seems to me that you don't care anything like enough about this.

> If we (ISC) base our changes on what we've gotten in response to the
> surveys, we will make changes based on the fact that nearly all of the
> somewhere around 20 people that use BIND are using Solaris.
>
> Not enough people actually respond to our surveys to base any real
> changes on the results.

Apologies for speaking frankly, but that's a lie.

> If anyone can tell me why we have such low response rates to our
> surveys, please let me know that as well... WE NEED YOUR INPUT.

THE ISC HAS ALREADY HAD MY INPUT.  HERE, ON THIS LIST.

> If, after breaking things because the default behavior changed and you
> hadn't read the release notes, you can then read the release notes, and
> you will know why it broke.

If you can say that, I can now confidently tell you that even if you
are asking questions, you aren't asking the right questions and you
aren't listening to the answers anyway.  The people you're asking tend
to be busy, and the people that are likely to be able to give you
useful responses tend to be VERY busy.  Try asking:

"If the next release of BIND breaks your existing configurations and
you either have to start writing sed and awk scripts to fix them or
change to a different product, can you tell us

1. what else will be going on in your office that morning,

2. exactly how pleased you will be to have your load increased without
warning, and

3. as a result of the next disruption we've planned for you, how much
more likely will it be that you will change to a different product?"

Right, you say, you already know the answers.  Try also:

"Are thousands and thousands of surveys from suppliers annoying?"

Right, you say, you already know the answer to that one too.  (I have
a couple of milter rules that reply to email surveys with a specially
crafted 550 5.7.1 ...)

And please, DON'T EVER say:

"WE NEED YOUR INPUT"

when you've already had it.  If you make a survey, and the result you
get back is a big "Yawn", that input tells you what you need to know.

In case there's still any doubt, pop along to Vicky's office and have
a chat with her (even if it means that you'll have to get on a 'plane,
it will be worth it).  On the wall in Vicky's office you should find
an email from me.  I've reproduced it below together with her response
to it.  Apologies, Vicky, if that's taking a liberty.

There are users, and there's everything else, like the infrastructure.
The users alone give us enough trouble thank you very much, and *they*
usually only give trouble one at a time.

It's REALLY annoying when the infrastructure starts to give trouble,
because then all the users kick off, all at once, and they tell us
it's all our fault.

Curiously enough, it is.

-- 

73,
Ged.

8<----------------------------------------------------------------------
Date: Wed, 26 Feb 2014 12:44:37 +0000 (GMT)
From: "G.W. Haywood" <bind at jubileegroup.co.uk>
To: bind-users at lists.isc.org
Subject: Re: BIND 9.10.0b1 has been released.

Hi there,

On Wed, 26 Feb 2014, Michael McNally wrote:

> At ISC we are quite excited about the long list of new features and ...

I don't want to rain on your parade, and I know that this is likely to
be contentious, but I would just like to ask all at ISC (and I know it
isn't necessary, but I'll ask anyway) to remember that many of us out
here in the Totally Untamed Internet do not like our infrastructure
to be exciting.  Long lists of new features give me personally the
screaming heeby-jeebies.  The last thing anyone needs is a zero-day
BIND exploit in the wild.

Solid and dependable is good.  For the most part BIND is just that,
and I can't heap enough praise on the people who gave all that to us.

But I've noticed in the last few years that I've had to do more work
to keep up with bind developments when a few things have escaped that
perhaps should not have.  I've wanted to say this for at least a year
and I'm finally biting the bullet.

Please do not consider this in any way to be any kind of a criticism.
Maybe just a gentle nudge.  Hopefully a contribution.  Take your time.
Get it right.  No surprises please.  If that means that new features
aren't even compiled in unless I ask for them, that's fine by me.

Many of us seek no excitement at all in our working day.

-- 

73,
Ged.
8<----------------------------------------------------------------------
Date: Sun, 6 Apr 2014 10:26:11 -0700
From: Victoria Risk <vicky at isc.org>
To: bind at jubileegroup.co.uk
Subject: Re: BIND 9.10.0b1 has been released.

Hello Ged,

I am the product manager for BIND, which means that part of my job is
balancing the demand for new features from some power users and
concern about stability and ease of use for other users. Anyway, I
wanted to let you know, I am printing your recent posting to
bind-users out and posting it on my wall.  Also, as we get ready to
release BIND 9.10, I will be careful to edit out any overly excited
language. ;-)

Seriously, we do realize that the overwhelming desire is for stable
BIND, but it is always good to be reminded.  Thank you for your post.

Regards,

Vicky Risk
Product Manager, isc.org
8<----------------------------------------------------------------------

More information about the bind-users mailing list