
DNS snicker [warning: protocol geek humor]

I use serial numbers like “2004011432” to make people think that the data hasn’t been updated in ages. Maybe I should use 1980011432 on a zone and see if anyone asks about that.

Many moons ago, when I used ISC BIND, my serial numbers for all my domains were always "8675309" - I never bumped the serial, just used short TTLs and manually triggered DNS zone transfers to my secondaries.

Jenny, I got your DNS zone! I'm gonna make you mind! :-)

Oh, and once I had a server that permitted zone transfers for a particular zone, but the "zone file" they got was just the exact hosts people could find out about by doing reverse lookups of public machines. We were interviewing a guy for a sysadmin job and he pointed this out as a security problem and wouldn't shut up about it until I ended the interview early. He literally said, "I can break into any machine you have because you let me know all their names." I guess "ping" is "breaking in".

Some time in the year 2000, I got email from a random individual informing me that my choice of serial numbers (we went from YYMMDDHH to 100MMDDHH, and are currently at 108MMDDHH, with the HH sometimes incremented past 24 and sometimes DDHH not changing for days) was wrongheaded. I recall the argument being roughly "I'm using serial numbers starting with a 4 digit year, you aren't, your DNS management is broken".

At some point, the people I handed campus IP address management over to will probably move to just plain incrementing the serial on any change, because the software will do that for them.

Yeah, wrongheaded people like that used to bother me a lot more. Now I do this just to tweak them.

I didn't realize people actually looked at anyone's serial number. I do occasionally check versions and the funny things people put there (check out mine)
