DNS Is for People – Not for IT Infrastructure
louwrentius
27 points
26 comments
June 04, 2026
Discussion Highlights (13 comments)
linksnapzz
Counterpoint: DNS isn't used enough; consider replacing sssd/AD with Hesiod.
Bratmon
> Instead of configuring domain names that may not resolve, we can just directly inject the appropriate IP address(es) into configuration files

Because now you've replaced one single point of failure configuration system with caching and TTLs (DNS) with a higher maintenance and much less widely supported one.
mixdup
"just use /etc/hosts" is wild. That is effectively just going from one DNS server servicing all of your machines to having bespoke DNS servers individually running on every host. madness
jaredhallen
Seems like a weird crusade. Pointing everything directly at the IP address might not seem so swell when it's time to upgrade the server or the address has to change for some reason. Sure would be nice to just update the DNS record to point to the new address.
necovek
It is not really true that DNS is for people only: it is used as an aliasing system, for load balancing, and for caching (with no cache invalidation mechanism other than ahead-of-time TTL setting). It is used to make entire protocols work (MX records for email, but SRV records are used for much more). Now, if we do look at the most basic of basic DNS roles — mapping a human-readable name to an arbitrary set of numbers identifying a machine on the network — we should consider how we avoid some of the issues while keeping all of the benefits of DNS. E.g. if we indeed "materialize" machine identifiers, we lose the ability to do virtual hosting (domains not passed in) or fix a problem with just a DNS update (e.g. treating load-balancing machines like cattle). The author jumps immediately to, arguably, ill-advised materialization techniques like /etc/hosts, without considering all that DNS does for a complex, real-world system and what goes missing.
samrus
But what's the problem with using DNS internally? Given the system is already present, and moving away from it would be effort. Seems like a nitpick
themafia
> The case against DNS for internal IT infrastructure

In SOHO settings I might actually agree, but, this is where I think site administered and distributed multicast DNS was a missed opportunity.
gfody
> we'll just use /etc/hosts no DNS required!

this is classic "easy vs. simple" folly, witness how someone too lazy to [learn how to] set up proper DNS for their infrastructure will do 10x the work hacking something "easy"
denkmoon
This is what happens when you take the "it was DNS" meme too seriously. DNS is brilliant. Learn it. If you're really that ideologically opposed to such brilliance, just use the addresses directly. The system described is insane.
jghefner
> It's easy to configure systems with tools like Ansible or pyinfra at scale.

Tell me that you've never used Ansible at scale without telling me that you've never used Ansible at scale.
fulafel
History tip: Using /etc/hosts (or as it was called then, "the HOSTS.TXT file") ran into some problems.
irjustin
Hard disagree - only because if you didn't have DNS you would have something else in its place. But, we understand DNS _very_ well. People, services, machines, etc. need to "dial" canonical-somewhere. Whatever does the canonical management is the piece that when it breaks everything breaks. Doesn't matter if it's DNS, EIP rotation, some HA proxy, whatever. It'll break. It's actually that DNS is so well understood that it doesn't fail more often. So no, DNS is for IT Infra.
XYen0n
DNS is merely one implementation of service discovery; even without DNS, some other form of service discovery would still be needed.