I'm not sure about the exact number of $$$, but at least 10 servers in 5 failover H/A clusters -- at least $50k to $100k of appliances (probably also with uber-platinum support contracts, under the theory that if you're going to throw money at a problem you can't throw too much).

The big problem that we have though is not a technical problem but a problem in pushing IT projects to completion. So even though we have the DNS appliances, we have never done the work to fix all the reverse zones (and the appliances that we have do not make it easier to enter paired A+PTR records and make it harder to forget to add the PTR record, so they FAIL on that particular requirement), and nobody has gone through and deprecated all the old DNS servers -- so we have edge servers doing domains that have not been migrated due to the people who had the logins to the DNS registrar (not our primary DNS registrar) having left the company, plus corporate zones which are served out of their own set of DNS servers, plus at least 2 or 3 other master DNS servers which have only had 'most' of their zone records transferred to the appliances.

And then the H/A failover on the appliance has failed to work -- it would be more reliable to simply put bind behind a load balancer.

So, my general point is that if you have incompetent SAs and PMs in charge of a system it doesn't matter how much money you throw at Enterprise-class solutions to the problem -- it isn't going to work.

On the other hand, if you have competent SAs and PMs in charge, you should be able to build a workable solution on the back of something like bind9 and NICtool -- for free -- with just some scripting work around the NICtool API to setup a padded-room where tier1 people can't break too much.

And this solution isn't really "cheap" since it requires a time and salary investment to hire decent people, but it requires a different focus onto people instead of tools.

On Mon, 26 Oct 2009, Edward Ned Harvey wrote:

>> For example, we've blown 6-figures on DNS appliances which have never
>> worked correctly -- when all I'd really like to see is NICtool and bind
>> run competently so that we have split-horizon and reverses all work.
>> Throwing money at the appliance didn't solve any of our problems for us
>
> How can you blow 6 figures on DNS appliances? How can DNS not work? I have
> only ever seen Bind and AD DNS servers, and I've never seen any complaints
> about any of them ... And I'd be *hard* pressed to spend 6 figures ... I
> could spend 6 figures to buy 20 servers I suppose.
> _______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
