Last updated on April 29, 2021.
However your celebrations might look this year, there are several things that you can do to ensure that your networks stay reliable during the holiday lull. Even if you’re just staying home, the last thing you want is for the network to go down and to unexpectedly get called back into work mode.
A small group of IT professionals who are part of our open DDI and DNS expert conversations recently discussed these tips. All are welcome to join the community conversation in Network VIP on Slack.
BlueCat’s network admin checklist for holiday preparedness
Below is BlueCat’s top 10 checklist for network admin holiday preparations to ensure everyone gets to enjoy their end-of-the-year festivities. System administrators deserve a break, too.
While most of these tips apply to all network configurations, some are specific to DNSSEC implementations and BlueCat customers. Something for everyone this holiday season!
- NTP synced. Make sure your systems are synced up on NTP. Keeping your NTP resilient avoids issues with certificates being rejected and preventing communication between systems because of time differentials.
- DNS zone transfers all working. Make sure your DNS zone transfers (or AXFRs) are all working after you make any server changes. With changes that affect AXFRs, it’s wise to give yourself enough time to ensure that everything is operating properly before the holiday exodus.
- Root/admin credentials accessible in the password vault. Make sure that the admins who are monitoring things over the holidays have access to your credentials as needed.
- Syslog target configured. Make sure that your security information and event management (SIEM) solution is well-fed, in case you need to see what happened if something does go wrong.
- SNMP collectors active and plotting. Make sure that your Simple Network Management Protocol (SNMP) collectors are running so you can stay on top of network monitoring.
- Backup of DNS mappings readily accessible. Make sure that you have documented your DNS mappings and have backups. Hardware failures are bad enough without difficulty restoring your configuration.
If you implement DNSSEC on your network:
- DNSSEC key signing keys not expiring. If you are using DNSSEC, make sure that your key signing keys won’t expire over the holidays.
- SOA serials synced for DNSSEC. If you are using DNSSEC and have delegations that require consistency, make sure that your serial numbers on all your start of authority (SOA) records for your DNS zones are synchronized.
If you are a BlueCat customer:
- Valid BAM license. For BlueCat customers, make sure your BlueCat Address Manager (BAM) licenses are valid and aren’t going to expire over the holidays.
- Valid BAM X.509 certificates. For BlueCat customers, make sure that your SSL certificates are valid, too.
Pay attention to planned maintenance
It’s also important to be aware of and understand any maintenance occurring over the holidays, especially if it might require intervention. Certainly, network teams like to take advantage of the quiet time during the holidays to get changes done. That’s all well and good, but make sure that you plan ahead to have all the people and skillsets available that you might need. And make sure you have a good backup plan, too.
Surely there are 50 more to add to this list. So, in the spirit giving, here’s one more:
Don’t forget to leave out the cookies for DNS Claus!
Learn how BlueCat Cloud Resolver tames cloud DNS by simplifying zone discovery and conditional forwarding rule management to improve service delivery.
A compendium of BlueCat’s Learning Certification Program offerings, including learning streams for Integrity, Edge, automation, and DDI.
EMA research found that cloud, automation, and security are the three primary drivers behind investing time or money in DDI technology. What drives you?
EMA research found three distinct stages of DDI maturity, with 65% of enterprises realizing the value of a full-stack DDI solution. Is yours one of them?