However your celebrations might look this year, there are several things that you can do to ensure that your networks stay reliable during the holiday lull. Even if you’re just staying home, the last thing you want is for the network to go down and to unexpectedly get called back into work mode.
A small group of IT professionals who are part of our open DDI and DNS expert conversations recently discussed these tips. All are welcome to join the community conversation in Network VIP on Slack.
BlueCat’s network admin checklist for holiday preparedness
Below is BlueCat’s top 10 checklist for network admin holiday preparations to ensure everyone gets to enjoy their end-of-the-year festivities. System administrators deserve a break, too.
While most of these tips apply to all network configurations, some are specific to DNSSEC implementations and BlueCat customers. Something for everyone this holiday season!
- NTP synced. Make sure your systems are synced up on NTP. Keeping your NTP resilient avoids issues with certificates being rejected and preventing communication between systems because of time differentials.
- DNS zone transfers all working. Make sure your DNS zone transfers (or AXFRs) are all working after you make any server changes. With changes that affect AXFRs, it’s wise to give yourself enough time to ensure that everything is operating properly before the holiday exodus.
- Root/admin credentials accessible in the password vault. Make sure that the admins who are monitoring things over the holidays have access to your credentials as needed.
- Syslog target configured. Make sure that your security information and event management (SIEM) solution is well-fed, in case you need to see what happened if something does go wrong.
- SNMP collectors active and plotting. Make sure that your Simple Network Management Protocol (SNMP) collectors are running so you can stay on top of network monitoring.
- Backup of DNS mappings readily accessible. Make sure that you have documented your DNS mappings and have backups. Hardware failures are bad enough without difficulty restoring your configuration.
If you implement DNSSEC on your network:
- DNSSEC key signing keys not expiring. If you are using DNSSEC, make sure that your key signing keys won’t expire over the holidays.
- SOA serials synced for DNSSEC. If you are using DNSSEC and have delegations that require consistency, make sure that your serial numbers on all your start of authority (SOA) records for your DNS zones are synchronized.
If you are a BlueCat customer:
- Valid BAM license. For BlueCat customers, make sure your BlueCat Address Manager (BAM) licenses are valid and aren’t going to expire over the holidays.
- Valid BAM X.509 certificates. For BlueCat customers, make sure that your SSL certificates are valid, too.
Pay attention to planned maintenance
It’s also important to be aware of and understand any maintenance occurring over the holidays, especially if it might require intervention. Certainly, network teams like to take advantage of the quiet time during the holidays to get changes done. That’s all well and good, but make sure that you plan ahead to have all the people and skillsets available that you might need. And make sure you have a good backup plan, too.
Surely there are 50 more to add to this list. So, in the spirit giving, here’s one more:
Don’t forget to leave out the cookies for DNS Claus!
Critical conversations on critical infrastructure
Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.
SUNBURST/Solorigate Situation Briefing
BlueCat leaders discuss how the malware attack via SolarWind’s Orion platform exploited DNS and how BlueCat Edge could have helped to detect it.
React faster at the wire with BlueCat and ExtraHop
With the BlueCat ExtraHop Plugin, automatically create missing PTR records, and detect and react to security threats before they reach DNS servers.
Yes, IT should see what developers do in the cloud
Errors and outages occur when admins lack visibility into DNS and IP allocation in the cloud. With Bluecat, central DDI visibility is within reach.
Why McMaster University didn’t want another CIO
McMaster’s CTO, Gayleen Gray, highlights the importance of her unique role in a world where expectations of the CIO and CTO are colliding.