securing bind in todays hostile environment
N. Max Pierson
nmaxpierson at gmail.com
Mon Jan 20 16:21:46 UTC 2020
Ah, allow me to apologize then. Since I did not see any mention as to why you possibly didn’t think ansible would serve us well for this job I had wrongly assumed you to had maybe demo’d or just got handed the task of automating in your organization and didn’t have time to research or test it before go live, causing a bad experience from it possibly.
The idea for ansible in this case would be to simply manage the zones for us on record changes which allowed me to come up with a front end so our customers would have self service for the ones that do not pay us to manage their zone for them. Trying not to have to re-invent the wheel and write some sort of API that did some sort of regex nightmare in shell against the zones, etc for simple changes. I can much more easily write a form that generates YML I need with the data. The next step is to actually interface with ansible at the API level to remove the having to generate YML and run cli commands all together, but I’m only one person and coding isn’t even more area of expertise, so in time lol.
Yes I have been a part of that same boat a few times myself elsewhere but fortunately where I am now, they seem to understand if I make them more money, it has to work both ways. They agreed so the arrangement is working quite well and I appreciate the remark.
> On Jan 19, 2020, at 2:01 PM, John W. Blue <john.blue at rrcic.com> wrote:
> Since it sounds like you have not had much experience with, I urge you to check it out should you have anything in your environment that could benefit from automation. Simply telling someone to chunk it and not have any experience with it is a little misguided IMO.
> We pay multiple different teams to play in the ansible, docker, kubernetes et al sandbox so, yeah, I admittedly do *need* to have much experience. My comments are not an indictment against ansible itself because I observe it being used to create basic servers on a regular basis. It does a fantastic job. Rather I was questioning the use of ansible to specifically deploy DNS servers.
> Since you updated your comments to mention that you all are selling DNS services, the choice of ansible now makes more sense.
> I've worked in the MSP space in the past and my general observation is that it is a sweat shop with no loyalty in a race to the bottom of how low of a salary they can get away with paying. I genuinely hope your experience will be different.
> Sent from Nine <http://www.9folders.com/>
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users