Re: Programmers with network engineering skills

[Mark Andrews <marka () isc org>]

In message <CAAAwwbXPpNEU_aKgUe=9Si2ZaYn30+NmrHOsV2t4AG5fUEtUHw () mail gmail com>
, Jimmy Hess writes:
> On Mon, Mar 5, 2012 at 6:09 PM, Justin M. Streiner
> <streiner () cluebyfour org> wrote:
>
> > Admittedly we (the 'network guys') don't always make it easy for them. RF=
> Cs
> > get obsoleted by newer RFCs, but the newer RFCs might still reference ite=
> ms
> > from the original RFC, etc. =A0This can turn into developing for somethin=
> g
>
> Yes, this is problematic.    The preferred result should be one specificati=
> on
> for each protocol,   with references only for optional extensions.
>
> > Other common, but misguided assumptions (even in 2012):
> > 1. You will be using IPv4. =A0We have no idea what this IPv6 nonsense is.
> > Looks complicated and scary.
> > 2. 255.255.255.0 is the only valid netmask.
> > 3. You are using Internet Explorer, and our web management interface has
> > ActiveX controls that require you to do so.
> > 4. You will be assimilated. =A0Resistance is futile.
>
> Add some additional misguided assumptions:
>
>    (5)  Any IP address whose first octet is 192.  or  1.  is a private IP.
>    (6)  Any IP address whose first octet is not 192.  is not a valid LAN IP=
> .
>    (7)  Any IP address whose last octet is .0  is an invalid IP host addres=
> s
>    (8)  Any IP address whose last octet is .255 is an invalid IP host addre=
> ss
>
>    (9)  If my DNS service supports DNSSEC validation, even with no trust an=
> chors
>          configured,  it's cool to go ahead and send all queries with
> the CD and DO bits
>          set to 1
>          and perform no validation;  it's even cooler if I only
> support SHA1 keys and
>          no RSA/SHA-256.

Setting DO to 1 is fine.  CD however should be zero unless CD was one on
the request.
 
>   (10)  Everyone enters their NTP,  and AD servers by IP address, so it
>          is best to  have a textbox that only allows IPs,  not hostnames.
>
>   (11)  Nobody actually uses SRV records, so don't bother looking for them.
>
>   (12)  Once a DNS lookup has been performed, the IP never changes, so
> it makes sense
>          to keep this in memory  until we reboot.
>
>   (13)  Nobody has more than 1 recursive DNS server,  1 NTP server, 1
> LDAP server,
>          1 Syslog server,  and  1 Snmp management station;
>          so a single IP entry text box  for each will suffice.
>
>   (14)  Nobody has more than 2 recursive DNS servers, so just allow
> only 2 to be entered.
>
>   (15) 30 seconds per resolver seems like a good timeout for DNS queries, s=
> o no
>         need for a configurable timeout;  just  try each server
> sequentially, make the
>         UI hang, the user will be happy to wait 5 minutes;  also make
> the service
>         provided by the device temporarily stop --   users likes it
> when their devices
>         stop working, to remind them to get their first DNS server back up.
>
>    (16)  The default gateway's IP address is always 192.168.0.1
>    (17) The user portion of E-mail addresses never contain special
> characters like  "-" "+"  "$"   "~"  "."  ",", "[",  "]"

     (18) DNS doesn't use TCP so I won't forward it.

     (19) I only need to offer 1 DNS server though I learnt 3 from
          upstream and they all have different characteristics.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org