Waaaay back when I ran hp.com, I had what I only now realize was an enviable position: I was HP’s hostmaster (the somewhat-ceremonial title given to the person responsible for a zone) but not much else. I dabbled in NTP and ran a big mail relay, but the bulk of my responsibility was DNS. From when I got to work in the morning to when I left in the evening, I could concentrate on DNS.
At the time, I didn’t realize what a luxury that was. I figured every big company probably had a person dedicated to DNS. And in those days, some did. Partly, this was because we hostmasters could get away with it. DNS was such a black art that you could simply assert that it took up most of your time and your management wouldn’t know any better.
How the times have changed. I’ve had the opportunity to meet the folks responsible for DNS at many big companies, but I hesitate to call them hostmasters, not because they don’t deserve the customary title, but because it sells them short. These people run routers, switches, firewalls, mail servers, and more. Almost no one has the luxury of specializing in DNS any more. The economic climate dictates that we all take on more responsibilities to make our employers more competitive.
Because we can’t afford to coddle our DNS administrators anymore, we can no longer assume the same skill set of those admins. I hope that doesn’t sound disparaging — it’s not meant to be. But a modern DNS administrator can’t burn a full day trying to figure out some nuance of how a BIND name server works. He needs answers right away, and then he needs to move on to the next problem.
I think this problem is just going to get worse. Computer science enrollment is down, way down. At a recent visit to Sonoma State University (to talk about DNSSEC, natch), I asked the faculty about the trend over lunch. During the .COM boom, CS enrollment at the campus was about 400 students. It’s about half that now.
This means that the supply of IT administrators of all stripes will dwindle over the coming years (unless of course enrollment jumps). That, combined with the “doing more with less” trend, means even more work for current admins. Which argues, I believe, for better tools and, especially, increased automation. I think the challenge we’ve had implementing DNSSEC is evidence of this: We engineered the protocol and the implementations for a world gone by, where admins had time to read RFCs, man pages and big blue books; and to do all their work from the command line. Only now are we putting the necessary effort into automating as much of DNSSEC as possible, and only now is adoption accelerating.