[Novalug] ip/dns opinion

James Tuttle jwtuttle@gmail.com
Wed Aug 15 21:46:52 EDT 2012


On Wed, Aug 15, 2012 at 6:54 PM, Mark Smith <mark@winksmith.com> wrote:
> Is there some merit in using IP(v4) addresses for network nodes?
> Is there some merit in trying to even convince anyone to use DNS names
> instead of IP addresses?

There are only a few compelling reasons I can think of to use IPv4
addresses rather than DNS:

1) To test whether DNS is broken.  If you can't hit a server via DNS,
and you know it has a static IP, trying to hit the DNS directly can
give you a quick-and-dirty indication that it's DNS that's broken and
not something higher up in the stack.  Not the greatest indicator but
I'm sure we've all done it.  But that's not a reason for using it
continuously, just a reason for knowing what a server's DNS address
*is*.  I'm sure I'm not the only person who keeps around a file of IP
addresses for this reason.

2) If your DNS resolution is very slow and doesn't set TTLs properly
(or caching resolvers don't honor them), then slightly-clueful users
will quickly figure out that plugging in the IP addresses directly
results in better performance, particularly if the server in question
is something that gets hit often like a web service.  I've seen DNS
TTLs set to very low values (like <60sec), generally for some sort of
test purpose that never gets reset for production, causing
multi-second delays every time a web service gets queried.  In those
cases, using a static IP address can result in huge apparent
improvements.  If this is what's happening, the solution is to fix the
resolvers.

3) If your DNS addressing scheme is useless or un-intuitive to the end
users, such that it's easier to keep a list of IP addresses around (or
use /etc/hosts or something else), then people are going to do that.
IMO, the purpose of DNS is to provide human-readable, "friendly" names
for servers/systems.  Something like
"MSC01Q01X40MPP-QV-T01.bigcorpdomain.com" is barely human-readable and
defeats the purpose of DNS.  If you *have* to use a stupid addressing
scheme like that on a server level, at least create reasonable CNAME
records for services/applications that point to it for users.

There are lots of reasons why you *should* use DNS addresses instead
of hardcoding IPs everywhere (especially into config files and
bookmarks), to the point where it's hardly worth mentioning them ...
though I will call out one that gets me all the time: adding load
balancing or failover.  If you're setting up an application today,
even if it's not currently load balanced, you'll be making someone's
life (perhaps yours) much easier down the road if you give it a
non-server-specific name that's then CNAMEd to the server-specific DNS
record (which in turn resolves to the server's IP).

As for your specific issue, I'd try to figure out *why* users are so
insistent on using IP addresses and why they think it better than DNS
names.  There might be an underlying architectural problem (like slow
resolution and short TTLs, or rabidly unfriendly domain names) that's
pushing them in that direction that you should fix before applying the
clue bat.

-James
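
An added illustration, not part of the message above: a small Python audit of a zone snippet that follows service-name CNAMEs to the server record and flags names whose effective TTL falls under the "<60sec" figure mentioned in point 2. The zone contents, names and addresses are constructed, and it assumes one fully written record per line with a single record per name.

```python
# Constructed sample zone: names, addresses and TTLs are made up for illustration.
SAMPLE_ZONE = """\
; name                 ttl   class type  rdata
wiki.example.com.      3600  IN    CNAME app01.example.com.
app01.example.com.     3600  IN    A     192.0.2.10
reports.example.com.   30    IN    CNAME app02.example.com.
app02.example.com.     30    IN    A     192.0.2.11
loop-a.example.com.    300   IN    CNAME loop-b.example.com.
loop-b.example.com.    300   IN    CNAME loop-a.example.com.
"""

MIN_TTL = 60  # assumed threshold, taken from the "<60sec" figure in the message


def parse_zone(text):
    """Return {name: (ttl, rtype, rdata)} for one-line, fully written records."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, ttl, _cls, rtype, rdata = line.split()
        records[name.lower()] = (int(ttl), rtype.upper(), rdata.lower())
    return records


def resolve(records, name, max_hops=8):
    """Follow CNAMEs from name to an A record.

    Returns (chain, address, effective_ttl). address is None when the chain
    is broken or loops. effective_ttl is the smallest TTL on the chain, after
    which some part of the answer has to be looked up again.
    """
    chain, ttls, seen = [], [], set()
    name = name.lower()
    while name in records and name not in seen and len(chain) < max_hops:
        seen.add(name)
        ttl, rtype, rdata = records[name]
        chain.append(name)
        ttls.append(ttl)
        if rtype == "A":
            return chain, rdata, min(ttls)
        name = rdata
    return chain, None, min(ttls) if ttls else None


def low_ttl_names(records, threshold=MIN_TTL):
    """Names whose effective TTL is below the threshold."""
    return sorted(n for n in records if resolve(records, n)[2] < threshold)
```

Retargeting the `wiki` CNAME to a different server record changes what `resolve` returns without touching anything that refers to the service name, which is the failover case described in the message.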


