How a new device bootstraps on the network without DNS? Depends, on the device, but a physical server doesn't need DNS, only PXE boot / TFTP / HTTP as usual and maybe a proxy to access an update server if you don't run one yourself.

That is absolutely true. I believe that a solution where you provision a text file with an updated ip address or /etc/hosts file is inherently simpler, less risky and easier to recover from, although I admit I don't explicitly state this in the article.

And I explicitly argue within the section about egress filtering that allowing systems access to public DNS is a security risk.

Yet, I'm not arguing for Facebook or similar size companies to ditch DNS internally. I'm making the argument for much smaller organisations to pause and think where their own risks lie and if it would make sense to cut out DNS to reduce risk. Whatever process you used as an organisation to update DNS in a safe manner, you still use with the alternative solution, that doesn't change.

That said, even an broken update to /etc/hosts is probably easier and faster to recover from than a broken DNS service that everything is tied to and due to TTL caching, can take much longer to resolve.

- DNS load balancing is not that important for internal services in most Cases? Would only use it if alternatives won’t work.

- the virtual host issue is really adressed by /etc/hosts, I thought that was obvious, I now regret not explicitly adressing it.

Comments URL: https://news.ycombinator.com/item?id=48391957

Points: 53

# Comments: 87

That means this inherent inequality gives one group tremendous power over the other.

What we really need is a system that doesn't automatically promote psychopaths and sociopaths to the top, the more ruthless, the more money you make, despite the human cost. We need a system that doesn't value money/capital as much, but other outcomes.

And we especially don't need Billionaire Philanthropists. Pay the damn taxes. Yet, this is the site for the Temporary Embarrassed Billionaires, so I know how this will go over...

The real thing delaying the energy transition is politics, we have the technology.

And on a really small scale, here in NL we can build our own home battery storage systems with cheap 15kWh or 32kWh battery kits from China. Combine that with dynamic energy contracts it's amazing.

A 15kWh setup is maybe 3500 Euro, and 32kWh around 4500 Euro. Lasts at least 15+ years counting battery cycles.

I dispute this was a 'silent' drive error as many systems reported read errors. Silent data corruption on hard drives is extremely rare, due to the tons of checksums used on all data. Maybe I'm wrong but I bet there are read errors on the drive in the appropriate system logs.

I feel that people confuse regular 'bad blocks' with 'silent data corruption' and there is a huge difference[0].

[0]: https://louwrentius.com/what-home-nas-builders-should-unders...