It is not really true that DNS is for people only: it is used as an aliasing system, for load balancing, and for caching (with no cache invalidation mechanism other than ahead-of-time TTL setting).<p>It is used to make entire protocols work (MX records for email, but SRV records are used for much more).<p>Now, if we do look at the most basic of basic DNS roles — mapping a human readable name to arbitrary set of numbers identifying a machine on the network — we should consider how do we avoid some of the issues while keeping all of the benefits of DNS.<p>Eg. if we indeed "materialize" machine identifiers, we lose the ability to do virtual hosting (domains not passed in) or fix a problem with just a DNS update (eg. treating load-balancing machines like cattle).<p>The author jumps immediately to, arguably, ill advised materialization techniques like /etc/hosts, without considering all that DNS does for a complex, real world system and what goes missing.
- note I was talking about internal infrastructure, not public services<p>- DNS load balancing is not that important for internal services in most Cases? Would only use it if alternatives won’t work.<p>- the virtual host issue is really adressed by /etc/hosts, I thought that was obvious, I now regret not explicitly adressing it.
> we'll just use /etc/hosts no DNS required!<p>this is classic "easy vs. simple" folly, witness how someone too lazy to [learn how to] setup proper DNS for their infrastructure will do 10x the work hacking something "easy"
History tip: Using /etc/hosts (or as it was called then, "the HOSTS.TXT file") ran into some problems.
Seems like a weird crusade. Pointing everything directly at the IP address might not seem so swell when it's time to upgrade the server or the address has to change for some reason. Sure would be nice to just update the DNS record to point to the new address.
Proposed solution: update the inventory and run your Ansible playbook/role agains your infrastructure (or subset). I don’t see the issue, to be frank.
> or the address has to change for some reason<p>One annoying reason is you don't own it/have access through the owner anymore.<p>> Sure would be nice to just update the DNS record to point to the new address.<p>EC2. Elastic IPs are easy enough, but, precisely, I would just like to make a Route53 alias for an EC2 instance and not even have to care.
> Instead of configuring domain names that may not resolve, we can just directly inject the appropriate IP address(ess) into configuration files<p>Because now you've replaced one single point of failure configuration system with caching and TTLs (DNS) with a higher maintenance and much less widely supported one.
"just use /etc/hosts" is wild. That is effectively just going from one DNS server servicing all of your machines to having bespoke DNS servers individually running on every host. madness
But whats the problem woth using DNS internally? Given the system is already present, and moving away fron it would be effort. Seems like a nitpick
Counterpoint: DNS isn't used enough; consider replacing sssd/AD with Hesiod.
> It's easy to configure systems with tools like Ansible or pyinfra at scale.<p>Tell me that you've never used Ansible at scale without telling me that you've never used Ansible at scale.
This is what happens when you take the "it was DNS" meme too seriously. DNS is brilliant. Learn it. If you're really that ideologically opposed to such brilliance, just use the addresses directly. The system described is insane.
> The case against DNS for internal IT infrastructure<p>In SOHO settings I might actually agree, but, this is where I think site administered and distributed multicast DNS was a missed opportunity.