Re: The problem I see with DNSSEC as a potential end user and administrator.

" Ondřej Surý " <ondrej.sury@nic.cz> Fri, 08 August 2008 09:36 UTC

Message-ID: <e90946380808080232w756e1123u2237fa1ac846173f@mail.gmail.com>
Date: Fri, 08 Aug 2008 11:32:27 +0200
From: Ondřej Surý <ondrej.sury@nic.cz>
To: Duane at e164 dot org <duane@e164.org>
Subject: Re: The problem I see with DNSSEC as a potential end user and administrator.
Cc: Namedroppers <namedroppers@ops.ietf.org>, Mark Andrews <Mark_Andrews@isc.org>, Paul Vixie <paul@vix.com>, bert hubert <bert.hubert@netherlabs.nl>
In-Reply-To: <489C112A.8000306@e164.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
Content-Disposition: inline
References: <489BE047.1010100@e164.org> <e90946380808080203g65c99a72meca9db15c1194df1@mail.gmail.com> <489C0E08.3040406@e164.org> <e90946380808080218n7acddd46gd99d39fa71edcb26@mail.gmail.com> <489C112A.8000306@e164.org>
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk

2008/8/8 Duane at e164 dot org <duane@e164.org>:
> OndÅej SurÃ½ wrote:
>> 2008/8/8 Duane at e164 dot org <duane@e164.org>:
>>> OndÅej SurÃ½ wrote:
>>>
>>>> I know that it does add more burder of shoulder of any sysadmin, but
>>>> is it really so much - add a cron job and some monitoring script and
>>>> you are done?
>>> at some point you load the beasts of burden up with so much work that
>>> one extra piece of straw is all that is needed or takes to break the
>>> poor animals back.
>>
>> But now is starts to be only rhethorical discussion.  Have you calculated
>> how much additional work it would be for you?  Using right tools for it
>> (like dnssec-tools[1] or ZKT[2])?
>
> If I have to go out of my way to learn about this stuff you again have
> shown it is neither straight forward nor simple to do.
>
> Until I can type a single command (or no commands) that sets everything
> up I really can't be bothered, since there is no perceived benefit in
> doing so for me.

So when you installed your DNS server infrastructure, was it just
some "magic" command which caused all your domain names to be server
by that servers?  Or did you have to make changes to config files,
generate TSIG keys, configure primary, configure slaves, add zones
to config file...

I see kind of analogy here.  Available tools are bit rough at this time,
but it's magnituted better that it was half a year ago.

Ondrej.
-- 
 OndÅej SurÃ½
 technickÃ½ Åeditel/Chief Technical Officer
 -----------------------------------------
 CZ.NIC, z.s.p.o. -- .cz domain registry
 AmerickÃ¡ 23,120 00 Praha 2,Czech Republic
 mailto:ondrej.sury@nic.cz http://nic.cz/
 sip:ondrej.sury@nic.cz tel:+420.222745110
 mob:+420.739013699 fax:+420.222745112
 -----------------------------------------
¶§²æìr¸zÇ§u©²Æ zÚ'jg®iz»+z«²Ú)²'~àÂ+a¶°¢·nË±Êâmè§jÈ§W¥w²Ø^ë,j{[¡ÜÈb½èm¶ÿ¢"z×è®åËlþv¦yÚè¦«³

The problem I see with DNSSEC as a potential end … Duane
Re: The problem I see with DNSSEC as a potential … David Ulevitch
Re: list policies Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Ondřej Surý
Re: The problem I see with DNSSEC as a potential … Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Ondřej Surý
Re: The problem I see with DNSSEC as a potential … Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Ondřej Surý
Re: The problem I see with DNSSEC as a potential … Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Olaf Kolkman
Re: The problem I see with DNSSEC as a potential … Stefan Schmidt
Re: The problem I see with DNSSEC as a potential … Ralf Weber
Re: The problem I see with DNSSEC as a potential … Duane at e164 dot org
Re: The problem I see with DNSSEC as a potential … Ondřej Surý
Re: list policies bmanning
Re: list policies Duane at e164 dot org